From e888d970a37e8b2c75a70ed984cf40ff61e91dc2 Mon Sep 17 00:00:00 2001 From: davidpil2002 <91657985+davidpil2002@users.noreply.github.com> Date: Sun, 14 Apr 2024 13:46:12 +0300 Subject: [PATCH] Add LDAP HLD (#1487) This LDAP HLD doc describes the requirements, architecture and configuration details of LDAP feature in SONiC. --- doc/aaa/ldap/dit_example.png | Bin 0 -> 18769 bytes doc/aaa/ldap/hld_ldap.md | 453 ++++++++++++++++++++++++++++ doc/aaa/ldap/ldap_intro.jpg | Bin 0 -> 22052 bytes doc/aaa/ldap/ldap_sonic.jpg | Bin 0 -> 39285 bytes doc/aaa/ldap/nss_layout.png | Bin 0 -> 19201 bytes doc/aaa/ldap/pam_layout.png | Bin 0 -> 17651 bytes doc/aaa/ldap/sonic-system-ldap.yang | 108 +++++++ 7 files changed, 561 insertions(+) create mode 100644 doc/aaa/ldap/dit_example.png create mode 100755 doc/aaa/ldap/hld_ldap.md create mode 100644 doc/aaa/ldap/ldap_intro.jpg create mode 100644 doc/aaa/ldap/ldap_sonic.jpg create mode 100644 doc/aaa/ldap/nss_layout.png create mode 100644 doc/aaa/ldap/pam_layout.png create mode 100644 doc/aaa/ldap/sonic-system-ldap.yang diff --git a/doc/aaa/ldap/dit_example.png b/doc/aaa/ldap/dit_example.png new file mode 100644 index 0000000000000000000000000000000000000000..1076e0e53e8cf84166235c7e74e0595fe8488042 GIT binary patch literal 18769 zcmdRWWk6J4_pXF=%+L)pq=F!#bPhvUAfgD;B`BTJIl#~$VG#-_C>_!u!bnMjFtp^* z(lF%R{NDfjfA9TzKiv2LXBf^tXYaGuT6;auv-XL6prt`g!A5cE(k1HKn#hNjE)iOQ z&sZ`N@LTgu`~)}kThY$9?}cyeweQ@zHpj6c5$jkqzW0@2tyNUEg>;*}Wm~{{8%cVz0lao7=Am2??73w`UtxQuGKi7z#qJ zg1C2agsW(x$-xo9M@BAwaYPftU;^MsmdL}0xj4e;P^dQ-M`TC>gdR?QxHn>2XjtXA zKjGGE@LJTk;(0V)(!3e<;5j{lfsf7t!ABt0u=~pR<)p`OqrY#}H@gw7_myw#IpsVn zEPh6fX2&bCU3Ea9Ly(AjXudyT%qAsT>9S#pVXX93T+xRCV4SA^SFF-&46_LgmN-!cP^uB@|-QnO1|^Rr@yi;UUF-oLD#O1`3- zrf`0C{I_pvNEzG<10D#HF5wBRb=+BM!a4Mo!`M)z!#LB}d#;nMHg3=3^{R0&TI=tp z`-ZkoQwAkw!H>T_>Ts-G7C2sf?}YHxB?7&oivUmYwz5eWmXzDiOfcR3)#C#F{z}J5 zwy|R|{BtiiH^)WGDyM0#BQYP>TGPe9xSn)7n+)&I>Ao8^lKw}#eN*Z43pG%Sg9*3z zbl1)+`=d6QVf$xyO){>etqml<-d!a5&utu0*r6}Fg@Na1j%4c#uT3j;wH1DU)hn#M zi$2}yRoee0_8r?4OjP)!*hKPK7mHz~{oBH)-#P`f(rk%Hs7h2qN!G`t<1F=xP1bud zl>!^7x#Y1v2OAF4{s)sqn(T-$^Cs_|#hTu=^O*?lwfy47vit8PM;E)_JM^T zonfbZ|0)RTp^MU8T3JOoxiWs3Ce1zTdSkviQvC9JcoWXqa2pS7uFRnPS&dsMc}wf* z(O$Wt|B>{um}%pLKdG=@f%7tE7#k~;8R2{VQB*s|bDmss!A~;Ih8v$ke_=v27giNy zi(+Yx2tTXe=_v=-8|#t5aWF$=cl%TeefCz060M6Elu}UAavRli6XIyX&*jVwF!!ynjY=BMCBPn9Mi9 zBOL=L{Vj?;R5hA(Y2)<#ahX}#1#@~g<*GF$v#9&B(`4CDFNiS%}4ueKL{jW6eBI)dk2 zlkUGis+X^K&9K5YvCiZf&^70(a?-;pi0Cn)(X#KT# z*%hJJg7QRJ3Gxc~`J{CWy|z1!JMd&{<2C&y=+i7Dx!iU;uW^7&{A%&{DRPNzx*u)j z#-5|rqSQt>6up)+ZZj=Sb0zQ62lYT2>kmXi*T0weS&A>v|F!2VZiB;=sI@k zLnw_a;>N2>GouHiHrzIE*tVRSfbxP%nH z=+J?)$@CxoMEc%B7$bnc`-nr#N|0iWuw_l1{g!Q6@!mV4(ZHt{}nzasN*lu;M^L9o+ z__NfkoKFt7L=}KHEChz@2jea7ri$R>IY%J{RGhsT3gg}5yx-fiyRIkSsqK*4pv)oH zLHAjZVJS=PiW@vfII7<}HIAzN@q1T#r59cO>%wjSE9`0^Vn`VJRe8Ie-$k_3x4b~V zO%Z+~t5SI|tO(I7OEP-BVMo0u-bUMQJ$q1{d8;g=j4e5l8r|h zz0!BcOV-RQPR0z^tp90HWF&L24|@(HBt@oaerFcwdOIt7=DUdE^u(I)HxbcRAM<=Z zyvNtsqSymt(?mgFtrD99gz%`p5MlK70j-Ki+jp7gi!(;yW|2YA2Ey>`P&eQNFObZU z>QKfms(zJ$pmmmK)K&aWuAb{-zZd8cq63)o;_qi;pVDC?o8I==SQ|4@7S$xAV2x51 zEjl&bbL@HDz&(b9_`}96FY;T3J!-L{9rj~2=piXtGet-A73JW zxJCo|`R}hO(LB%;3nkUh$O*LGmI!kA&E2-mtB6GN+iRFoEE6pJ!4X(`jge6{3vz4s zWlJa%RWQA(vD8MsyTG92x?7XH*ATx z&JCr=^Hf7emt|NKxgz0JuzEWuUSuw4b+mX}v?k+hu(vMNkA9&+$lxJStjzTK_wzGR z1SUXnhuJ)wN14pIa5MI!7Lr6Y3Qd%C3)u`2MtVVlk+v)XmNbmia&2^5&xZ@%%6$h5 zm1AD<({C@dc&=B)REXP9o|M1|saQ7VB|{(#y1l*DRXFQabeFi3b`{!>*mc%=d&7F-0eC2pdtK)id9N!h z@2>qI#>3U3s`D83mG#Z*y7sLcS)1c;AKa@vn0=KucWcCG4#htrK-jSFH?Xb7T- zM+>bePTWT94}Z4COBn9_$0vvf(N4{+IN>kw0#m}J8ljA$?APGy*1*unZz@X((y08D zkhs@Y0^taI$8nHCiHz#E9M)1KhWh=D zUP?$YnP8UVR0f&ZlyWzDMz9TkH(ITSzZdesukEzXeR*~};x9C^3%{L3`QAdCdy*K* z<{d3W(n&pHr7tb_KP@>F;vWcXuoN)F{LkVUMjAU8@u9YHe=yONF_lpDK4+R1U!%|^ z>gM2M$mQ+TD1rm)_Bel|%pC|hvb|amcT`bIOpZiQ2} z{M4$w$cbnF$ z1UYKtg>mo&O>0}-zYd!v_~lT-aFM!Rj=#uXFA0~HyA#@(mrjIK7D%P$vD~yxh~736 zQ`C^v8t;kyX%ZP;Dw_76)9oy`j^jl7ZfAeFwi^4b62cge_;{Ez+C8l@ojvjTFt_i) znIG>Prj9p(${xN^g2t2$*6r`CZ57`fV|+b6K2jxSrpiuZ=sLo!~3I zwk!^$1`fs^2DUu$+wKtTd3pWOHRJ;jQiDlhtr)v-RsbWPKI?vG&3N?@n22C?#64mz z6ibi${@UnA1%MCSEXk?Oa%CYA8QBH?1-EGq!hh`BB%+XS4|5p*$@ z3tOlMXT2i$f8d59Pb=E5>J`|6$4b2pMWEC0Ai**g-1z(boMs&g_tHdvk{PdZs&W{w zyzKKH;H{J^x~eTtB-x~o=7E3S$xpX0zWzP=&*ZROFCUBZxvX({QqF9e=RT+4(kNQvOS{u4}RD zEqz%91xGcd|(8l%3|tZ7ZbM&2bw(VhKv-gx~g$4Nx$zb@VEJbijF?F14(@^xrw zP>s;bY5%Iz{c$H?NjW5dclf5k?LP!^@$o(`s91*YhRn!qrsZJJscn#hjyD`k*_A)* zrT}d()lGTh(#!HSWgr&!==%~3PL_whB%$=#V6fEBn&_XTz{b96q8R~8up9>3!(mL^ zz_h-?VS3JBLYTo*z4HLYQvAYcqPkzw9&2`iCqM5wWWx2wsXt4tP&I<) z0*IsHqQu@yI=J4oG;;aLxDU{J`2HgGMdyg`qqhc>lLYP?`PbnW->-wGQ1y!c?$d*f z$;o0DK8gS8I2{9Qf7sAz)Uj^;87YTzkfHF}z+JI#b8&J#`_qAexJTY~5>oU0ufid! z#9RQViQY*4XP|U^unQ7l6wH$yATcrx1!H=~9jYdu31)a@{X;SI$o)mdb!CJ^)#LUR z|9!VYh~>-^4zY$V03b(OW7!Wff8P0iydlS~=vQr6!v;752hioRjwHc4SR1RvGc3r; zpM$Kmc5kV_#o+>X?XCR&bxJbmYS21wm|tnwc=R z2|(HTqMc?+G3?>i+~nR&X5g92^xnqgcwxg%zXo?rrrLJNvoSz57**H-EVJ?E0F3y_ zJE(+`uNXG(AX_8e(<7b#C70J9f^h);CJFN{p!gu$ zCg)(Tb`>BLsu}m*x(0F2*7|LXR~27S9*)xVnb&Rmcvi>0<>yaNyq+WA4$u6ZjWfBnE1nNd)JXqnp^@wAk>9z;>>+o$JGj2tLi-ZL8bGDU zn2BK^cG5>6N5p=~&3G|l8rZPvLNBiB4u)~@z@ZjH#wb#c3|X!8?4rkC9$JsU+q4z- zlJm3O(}J{U_Tn#pmU#_R@7X$=#ahOHocEY5% z4A7PPfxzjS(kz-c?fai2k>)PM*Pu5oIB23N;IhUe%;xlEpKXE|R=d*+h#H*kCg0~pM-K2i`^LwM>q}9P}{;d5@;o|Dp^W_=%*wNl94sL36 z0B9CZ9Vwq0>8YI_xn5&h+^;=nPh@)|evy5IS6wJkV9^r>S@viI^U@PMV7Qp84>8~f z&1*4t4fOepu2rRx!I02!EDhXOZAu_P#MsCk{s}E~UFa+#z5CRq>?WdKGXX$<_~S@* zG}J#!6dnK(cF&<;ygKhk(tP3SF3gv4IKW)d&rJ><3>k)v+Zxj6UusZUE`H)eMF9V z7eDW@F)6tN6_Z+~?}1pSu{&+}oH z`oYrEP*9v<-v!defIU%tp8 zlNCUCsab7*AeI-1rdkZTp+>OSlfJsbh6tZgLNcmGO__RS2Af&tC79pc_~CTp=qToo z>TXFUaH$uLOFKn%8)X2g4n@kCeI@R9mvsp^B2+~q>$ji*Ude70%%b&o(XdS|=^0|d z_7fY~go2>IKVCaK*(>Lq#>s6s2N0F&HTZboR^MzxsQ)Y2zDj~vo-t-cWC*uJa4kNa zv4<#1mkfNmD+l}Oca^8p1HbUPF0!0VoR|&fone}}EMhHPuA`P+YIjMJoIrGtn4eLJiyNCs0Ujr?Ty#&_lPGN;%HscQU?&5BrKbh}KV zzzSPdR2v>M_GGmwSo|~>W>lHzedQg&=-UL=oBF!)G4xao* zP#w*QYdPN)As|riO|WHDFj)-$L*`;JK~x&PW96uE*s91O2alZlm3r+sQ!1`m<%9V5 zP?M`Ybp5DMYdQtDE{I1CflW^Uhrn!?91?CJt+~&O#X`(Y>idKGc-w9dxIN<{?VXL# zj7;rU)o{N7l>(p}`4!kQkBub%!7eT^mMg7ALTim-qMW z>1Fog(;E=9;9|Hd_liPud~H-y))XD9sG>RoBpgZ9(1;Z)Pd7qQ`LBLl1E|L;150zo1RXqIQ7AO6qzziK!!z`^u z3~QmAh`{qvsW>YQG`+kxuYtnfF6~nL@f?1Y+h+-OAkuZd>EtueZ$RAn5J3 z$zav!;$ZR_Cu?8(CtC!|3>pQM(fIISWU2l7LeNfd4^_)cKW+bKJ%T!JQ)%iLB&FE; zbtCV&SgBec?NbnMU0TFSL`Z;Bv9)A#rPh29)z!Yu9T0pJFSfJ!OaLmnqIeenQBT$a zt;qvd$HkMMaztbbnbaSO{)ph_afqS%laF1pzd`XQSHmje->HQ#CMZJ)=I`?+V7>)0!w)J4h;H=Hbswl9($=m%< zpN)tcRZLNwo49hz%M>yB%Leg$*uhZF98PF7dxa2SDRbV{kQ+5 zqx4naFoB1RurG= zOY($8qxgb@ZZ57 z96Dy@ZaBHW;>Qe-0?!S5(rNHGBlFZeu^A-h@C5eN<4s-l6SJ2<$TDtM9B@&=mhgU; ziXgI1ae_Uh4tSJ#gUc#&rb;l=Z{YO0baYu+21_F!IBk5XYfI`KxcV=+AHjGEwKzGfylA3i z5Dtl6#0{e~8U8=U@EKv0%(5^^o1U}_2B!V3X#oBwdFjHh*Ae?rH5_+Fm(8X3XvV)gMlpk$WTIcT_DfZo({{hSTRewW0bsxa6&dl(m^g8HFt_gH#X!z&O#Qvx;jfQ{ zFZ7~x04(+DJlB$rd}eC6x-RK2QI#~Sp#tM z8-RAG0?~(wISdx>rJOver{+77RDF>qZ)Ds)gO&V_`7uj>wTmUYq`m%9QoHbU;CaL2 z!l%E70hc_+8$w1HA(VvX2AR0Wj-~gqa*pWjYZ!rhZy;m5+szl+H8PU!T{{~ui~1qR zCsZ?$CU~Iz@nK$Ff?H5!MjrkcR=x=RZ806uKVhp~u8>DvRJq~XKN#)Htt150fM zAfJi66bn9bfREhdrMt=qk=R5?^ffw*QWb=VOadfY31nJ;Jz(R7F&ToZgrf9ad0=Bq0o&AlVWgS<`v$i0?Uetpbik$nHN*&J zK{Z=F)*j?UAGP7demmV#;OkrCCFZKO@nrD7jmJd*7QlCJV?qIZe;P)?Xb)(fj|y2K8{zdmLqdvLg1d{AZ->p8m`aA!1G@%ACSVKK;wwr;7)6= z180OwI`P^IY-<;xumuL?1zuaTo*+lSUQkbfk~R%?ngE#W@3%p1rOBf2XFkG4)y|kX ziWj`sKv~Oc`mp}%o@@Gb0Mt#^M3%wELunOlt0r8d(*b`VdP)oA4REqW3r+HuhoA0@ z)_dW4H)9(S*1#(3qR*fbq zj@XS>b|?3}Iv|CU3%_o>cL8HQYiDwmJvcEV`)WU0M!r{AGaAKk#o`|&->pYRw4o#6 zS!OP+(n*QkuN#9Of#h;X|6OPQOMGsI&)1#bhijT`{1z?h*p;_78RQ1q^ASemrMHs= zYC?W&{;GDFTLZ(r-+oaLatz1-2cX45zl-I?y7LsgvDpKZQdmK-+))c@A*6<_Hh$I04{+Rduibmr@T0qWw0`-CLXC4Nj(I9@CNs4b() zy9*TX2u1RyaKQM`_(ySnKRe2QPnpBaFnd>TC;IuI?fA{V(mr|2pstC=pAHWjLBw$F zTm(&DV)-o$y$)sRh>34^H$UBZ7ztWx!BrTubS0|&K@XrRYx;82RM0>%Q`o(IT?1Fz z#wC0mrUztXDKRZf`~@Y$tO6$&mkmLhtGQFLOWs3>sDtQpiM;d#gePA<%r;2cR$wqD zkWX8Hk5mbeUm$*!f}j!zLJb%A2r?5-J|tRa$$Rx0-Mx47a*I?hMmG|KVBzUyWl&E{ zxP8BfdD8@WDn)zmYI{ytYqa~qvr%HrWXO(Z=hcR@x39Ktts}`x*E&B{*;FjtNYq5D zX?QjCQYMG4b>0)X?EzanWyM4P9`S=-P#B^6vE^s?Mv9Er|Dm!^nVFdVL8vGMFdES7|tjiH~Q=dDCrt^2aY1qE1WTqju}WhbDWVSoSKO_x|2Mj5e^B_2xo zvQ$0CUz%Ac7AL}_XTy)8=c|Qwur)kWY0UPSvtxNe>Q7n5Q{JLJ2bl_={lSXBda6(43&F0UT>_uMGfuLG9 zvWY*vQ`GHadU3Huhb0G+fXoQS{5p@-XM>;bQ?8FLC*$`>&fxciq8-L6T&B0y64x|+ znt7GivUNI*hUJsRHxl1&R`lDVGJ6$V2g#!%Aip{@6eovFQ=529n=`{~KGm0;2c92i z8tS`syyD+@(^Y9TC)4tac>#SR?0$1cTIQdFuv~f}%eTF~aXggb_DD`DF*o_*z-Jkm zH<->8_TJ)p?d?FlLDCbEq8KGRck|vCsf@0L zH|^}!Byz`oJH5e9zdE^hI1lEIyR3PHE%-5cuM<~ZddZe(SD*8WdF^*q3f`Zm*168q zp>VRh`RG>ro)kq1S6yi`*0l_a!EN zCa~%-U4^he|0AaQhJlL-00j>pDdiO z4xxrue}Fao?*Kb>DU*ftHG9mF73x#)bqUqj-ADM03WdEPT}i+ll3_RW5m@XKE7J4(ddc z^hzz%o-jdE$i(#~KTiyrnMpaRI%(Le8(4?AcM{^t`^2nMT%+juGM!DZjK{7HaeGR& zJtbTRpE+*SH+dLXrA(XTl+Kx8Gb$paN(`WOuyAUS{98YfDxtqVq}i|?d+U2lQ1=zV zoJ7C%(em7K(&xoMR*P1C^%7Kz)EVM4al0O4<4JS+Ln-RvNB2khANF|Uk)}~ng}Nz) zR|TEsM10h?r#WQBNGiR@;D=tGJk%oALF=fOC`o3~NIFhne-o@>5aY=XowS^!dMj-Q zc+>n36JAQI4)@b}>B3_D-@>(fl+OL?ma?La{96ygkNwyJO-R!vMf?N&54^S z&(o!vTR;YcvGhhL{b+MFwbvL&)Z*7o*8b*BB{-g3S0s5O8d6N|^vjRyPhjZ?m+zW6 zvx(PCpn9}z_U5%lc?pISpvOqdJtQe1QY6$QjV{t{^FzkCn+L{yk{<*#pyphYqXUy;vmrnggB~I1{CpSjDMdF zI35Mb$ub39&m1sq&jw-&X7-c}E*30Zr z?I0qWl8XY(#{z6}1Kl$6M4o1OiJ9<=5?(uHD8p`YJ!ic9wx*2@ig3AE%ZNy@E5N?F z*WODbPMT*v)@_k%Vl^j8%XJolL(^xIb_ayBl}L^7IN3fb=jB4gY zSw6w)f$V3T{*jBP+SwBucT+qq^qRl%NAs+;Br%TA!VcB5T({<}oV_u-;z|C#a^7J? zO!yyAm+j&47YK{)$3Tl+fgA0P5eW9~43e3<$(kjTO0u!6-H~abF?nS6-P!k{I&0j= zq~J?GX_8?@w~aqF>YfE>`p=9ta`Y{^(5{8WY7)irj|gfXeqmYDR838KL;Vh7x#z!j z51*6m17zd6G6dT)pH83iPxls@dZn~V zOmarQliwr#uMn;KtfrDhIt^=PjpXv5ry%!=Kh7+RKJ_M9A!$at#*3*6CD_m^>?Yim z(j}}`Twai{h}|bL)Zseh+G^XHclbNiV9Zv|tAvOtL$;A+BHooK^|ngD=-$q$%a&3$ zhTiD183?ESta}%qeQkR`*XUIQ`YG}%&Rn=tW|mIp0N~m)o1st~M$q}%361xU;>$d? zk*~ItyqhK9W45b8l!x1QMQbpVfFxy2XWQs~1e3kW@yoR57dgOqP&b&m%BM~52(8|? z2(`sPfESA3lkS7}d#>mj^KjiL%y4-3LNZUh$FDGcat5*}5uS&D4nw_XE?`qEGdTTI3jqN!L)K}V%Z8{D84WgR-0Hzu0 zw5cf-N2(Dc@xxP^D2>~*>C4vJRbJ=FKMy*fj?&~D93vkHedM;4B-H@}%R7z!P)e(U zQJb(AzUjbv6Z-l-n+L?BQSHHy_Ertfp?@ye*|*65vTLcO=B# zM&F$?F{tUnv4@7~3@B%a3!=i4Z^R@$b0pK^goY5Q*+QUAjmgGq%VCYng@+m>whv>OyFyT27nUq;wZr9i(vxt%RN)%#`Q=XVCqs%;s0SBKeB!&&?Veb7Q zLuT4ZXXZwHQBr3li1N9EqYI3Ne4ydI*}UF;E}t1F9%a|xK6qW%F_LQls={!o4VJf= z>E0xrp+meveV|6>OuNF8E*>{?bVyyK+M>;+BMK2QqTO2iNoE~VhDvDR*6ooY-BNw~ z@m@kMHrNgl`SZLVc96KR)*cU;lhKqQAd)4=X5RQI1hG!6crd&PiZ#8pPHu3L%ZfC{ zMO0ZU(&h;t3S|YOg;&S|B5RR`qj@^KIMX0mRpX}pLo!0noaie`6GT7-;b~~>`a@X) z?H4;C*SWKyVKD0(!d7u>NGxk&s2EVL(VQ;y7D%&8Q02L}ogG9>bL5R&gbpOnO40AG zCPS%;Hjz!2%~c6i1k&n6ofz%rocf4_&8J9h0dwWghhVoF#g_NVV^>f&gLajjopWe4 zlzoCol6N0|a50gAiowFsJlBFkdEPOLVr>67Pd##F<0eLBW~&fKQFKWpkV*^tJfULr zVzUa8rNmC)rLAqHWMiL+WAf zqWjHw@@~`is##HLFo_f1h|OVpxp51$;N4pi)HOLD8WS4A`OFPDEz6H zz)EZtt7n!@wxG5`)6A@QOjCHlM(f5GM~XH**Ym+K`fP^dKqD5OypVL4rMX)4~m};LDO%}V(C>l zOae-81q7>e`aTpBGM$I+h38Qo@HL~I)h_XTMQ?j41(!5^rlN;qAQ8!S7>Ud) z_GAb%MOKU06Ak3tuX;#JyslG&5Ij@JZ6awu$nVp}gC1<}Ir>(ouGaixbiWov?I)7~ z-YJC4-H80Evx4LbLFGrwpPH?p&KlAm$kSdQh`hvG;w6B&h8x6NRFH3O&9knvSidWa zo&Hpq-8H+@p|nD79ddI}=Cf+lxjJM=DJ0G_+Ome!f$Jb!%PsvMa{_1~ATNT9@_|d9 zaw3W)jJoa4k4@Dl(i{}z3NlJJZ_~z*P}p>-U(U&T_{W7%`Y{DdSQOXIX`TKbl;Uhk z9HcYW6oMmU%ofr+n^CMXss55d>}J=@KBiG#%I#T`hB1V}uWj%2<&YbwUI?wdYrKi*lFGnBe3LSh zJx&l>)Gu#Pi2Gg9VKfs;vSqQRHypg4^aR^C&K4L{l9l#AaZ7H#h4KRhcIR!2qkLTzFJatk;iZlnm>_2!wqQ;u44cxL7!EN^IKSx=5Wt{ADu$_M?n&|q zf$*M^NrlHpUWHw)F@d94yiuolPS{Jwe`rfs7a;AlVggsPbJAp;n}=76=H|Wbni&!I2Wjm;A0MhO4K; zRAixKQfr~#b4++z(H5>sD^jx&#|eS%M$)w6!JEw{$>b{%3vAQDmyi%2m|6pTx*nnm z8F=<5f78V%(}uWH7RP&b$YrWJj^Kn3XdiufBA*|Ru~9P#V@cpz5r#f7P1TfJCmZ<` zFjxNegLVMVS4af67Ku%Z~Sm) z*f3eOch$w21-<2F>?=e+NR)^>8*EqG+5MEfHBYmsyv`Bt--Df3|KQzbl@^V~!Dw?= zv7X@OXv@#R2${^eGsiYtMFadqzlDSVBG0nR< z7mAx~(gbWaD3;4_Z$5kwd^6FrC^5y7N^lrK#SWu_sMura>&$qsQlw;bhAw@~4Q-jP zMF!gPJ$H9bBcs7EP|I3XrcYlYjh(bbc1WPEAMid}7Yyf>ETMefJayA~UKk#VCQW%? z&uhGf(`Tbu)10!=kO!uqk=^VzLj@f<;lGcjA|M%i0mX zmRqI$C`gDfHZs0qK)LVFpQWWQ7KV%W;R7Y&_^_nUE;Cb9%MVDZx!UN%;Iz+Upu;)L zq-pd3jORqI_S*^kUB1`v+o~up^}wbhknM3NzeUoGpEB4a9PAV;kn7r^&i87&*H6uU z1xS*TP9MdlTm}?76rfN7UZWR-rJDNm$gyyd}Rp=~0b$)56{}oj-xNOb5 z1R;t>V6Rt$5_*Nq{IgJ>c#x*#v+Uqp#Tf|*!%RZ_yqKr;9kK<~37=_)?h3{9Of@IJf5Q9~(R~CQ$1I?VSmn4d9`OlaMgU+x_rq(4725~e5MthrCG4q5! z^AzHxH?M*2_k6&0MdR>tMua;a?~bLGgM8UWP-TXD?aWG-Pqs*{(BQ+am3#@T39Aiv z{=|zAOxKcGXAWTO|G5M`_(c7uaSg|j)l24lLO#ML+dV|+$73D-@wUARm#hC6QzxSb zvFXK5z6*PzvblegV5Y^H@G?Xk$-6O9ZoxgHmqtU)($8$7`}q>R?B3iWLvq>&v)LFK zW)@skAqBfLv;bBup9S0=#47DBTqnzlW4rUn3E=qE?k?z{i;$6 z6dN{0l|pR@&+sy_k0ZhqVS|NuX_9Vk*^e%~ju4`W73sZSL6(cWNptL7EvA*4M>5T8 z;hZ&v7uTRLbaNU|cS>jv%fzK}Zb2-Rk4m{c`FcBa2NnlWEgv;j!r;^d3XiwZJ8vfL zxQBDS(AuOz`!2egac5+j8!N?VaLp93K5P@6=d6UAdUJJh5~gk6uF2{DK=mLMpSk^O zFOmmOa!t<1pvd$zUDl&YQf&IVHHgmdrWE+xUyT=zeXUQbndwrjL5SP8SzOI4h~__9U-G zWHBgP@xM*GCp{6+*yDPCJMs8|R0pr@+rz7C2=A<(#QlFKKX_Q~)ICq6uJf##Jn9W8 zX(Ic!Ws9@(+NcU|3VlsSk{7wSw&VJn>1~vMS(#43wvZr5IOQ)pX!mHeKU1q%-Xaub z3lYM|%RAllxSqlANTw%ltrN+&EsSaI*jUKcZ`xb-vsQCl&oq8(9_W|}SbR_7J7|94 zEe4BaM17dPES)wim4?^=9a#^(3rpPqL<$XgDGQJ@fjnseM9wpyBr5z%3IG))(FAlB zU_Xb*z9xEsmb`T6LJGLxUW_QkDO?=e7IZmNCEH^mEj7{SA)&~5oE~~BwFphMAX0^h zxjkSZ*mXDi;}s#W%h{p7fJSVaCV=QiN(w}`P1MJ$1_2bz`8((>PhOqqiF;o6Nzv%7 zXZLRMU>Tst=MZb_Wwh;72{Fgj{5v~Qm1rs_#Fn~k#inN#3j6&!>$}=c!*^TZQk({Q zpnHuFnU}ke~%2{lR!Q zUSp|rN&EI%y@DC0?spFOuurB!=LOPY$89z(y?vggsZ0(A&mheON`ir}cEV%zm14ic z&%p@A<4GC2-d!u0%`g0J$Q$cncoNkw^8=pF!M*%+xnAe9zHeu-L^6H-@cmt?V~yI3 z%Cn+0weqPq5#OTp^KVN|*60Wrut)!1n4`|7LQYv7A3DxoabN-W(!YCsKxPc?RG`yV zT#Y_S68_gNdl=Ah{B;koX@+Q(N5 zg?D~mWo>&rQUERwqc=XYCJu<*_jOpc&?CNw`$TzRK{Frm8(cNOf(LC)oEViGhU@^4H za8mGiw3^(~VHaDv|10a;MvSq2njPmaW6PBBgVIv^RvV+hnAi@idOVkPrvFZP;ax8) z`?m@P#prLW^0#&k$Y2k_9s?L*&(|;92Fr+V4%<i;kY&_lT=b_y2C6Em!pNy{umL z&!k~|N2T7axjGF)&nlO>2>pY&!h#pe5e4_=a1O&?*PrDFR!VwY)sGgGeLDWkqu?Qa zTd!Qz^!;~=kCn4Z2>bC)gZ-!DvU;EW81wZ$mEBsK7+)-QF(ro~2QFUU(A4n|J<7JK z^F86#da14-b%1<4!hVo&_2G_BUAfm|J8WJe&_DXvB=elUt=uZxuncsISi|l{coZ5m zzuRTAGo|qvqj+s+J@~|iEYG8S{Y&euwXl!64yVKGmF7R~?MzEcZvEYIXf=3WsF4Ks zw5%E4p9^8Ee1@m8dosgTSM@^fcR7 zF=jH@E69b3X$>RnzwPC{EWY&@AA6kq5+*sFQRrEoVz*u2AmJRe7nu7UC@H;DYa`Q& z>6Lu$5Had|6|!nh<#JpF&sshgPt>>_D^=d&3#xRQGK#Se7ijewk>Q#_#dk)n98p5 z;ZITHZWept4)j~x&>rqQ{dMU|8r`F4Yz)R#9(Sm#K`=)2$RpOWkq7_2Vptu!7N zuIKCCXjDZjn8hC58}rU{sHBybP4BP%bw4{4qCHH7}{_(kYoj(fV zdqoxPkZIk0hoL+p>2+A6#C!4TY{tUL$>Fo|9+MXaW3v7?+U#5I`4&9VS(S9J1?AKj zCYy8)MHsJ6in@H_&3Dt zwP{ZjcNb@6S4Xl!ZUvrBn=7{sU*3O&CoNdj7%lkmbDPn+xQxQV2b&kO8qaZSz=2nt zsvJt+SoU4gq3V8R=fW9ddqW2sDez_)&) zTK#_E;thba4ZOS)v&`grSR$A%0k=V6?d+t=H7gzu+<6~FY~XXUZ296upFr_ z6$IKNGK=;HNY8dW-(!!-eb*blur8l;KV=klT(8~zAKS2Q?(B%SzjW8WUw+x?{Ps(~ z%JXygs-G*IpL5)5w#AFk>`NQgU0oY~{nox8^Ug+oU9Sq$gZy2qQ*aE z!*=`s=-AHq!tA literal 0 HcmV?d00001 diff --git a/doc/aaa/ldap/hld_ldap.md b/doc/aaa/ldap/hld_ldap.md new file mode 100755 index 0000000000..117dce4f38 --- /dev/null +++ b/doc/aaa/ldap/hld_ldap.md @@ -0,0 +1,453 @@ +# HLD LDAP # + +## Table of Content + +### Revision +| Rev | Date | Author | Change Description | +| :---: | :-----: | :--------------: | ------------------ | +| 0.1 | 09/2023 | David Pilnik | Phase 1 Design | +### Scope + +This ldap hld doc described the requirements, architecture and configuration details of ldap feature in switches SONIC OS based. + +### Definitions/Abbreviations + +LDAP Lightweight Directory Access Protocol +DIT Directory Information Tree +DN Distinguished Names is a Distinguished Name (often referred to as a DN or FDN) is a string that uniquely identifies an entry in the DIT. +CN Common name https://ldapwiki.com/wiki/CommonName +DC Domain Component + +### Reference +| Ref link | Description | +| :-------------------------------------------------------------------------------: | :-------------------------------------------------------: | +| https://wiki.debian.org/LDAP/NSS | Debian LDAP WIKI | +| https://www.linuxbabe.com/debian/set-up-openldap-server-debian | Configure Ldap client in Debian 11 | +| https://packages.debian.org/sid/libnss-ldapd | libnss-ldapd | +| https://tldp.org/HOWTO/archived/LDAP-Implementation-HOWTO/pamnss.html | Implementation details of ldap pam & nss | +| https://wiki.archlinux.org/title/OpenLDAP | slap & ldap-utils packages | +| https://packages.debian.org/sid/libpam-ldapd | libpam-ldapd | +| https://stackoverflow.com/questions/18756688/what-are-cn-ou-dc-in-an-ldap-search | DN, DC, OU, CN descriptions | +| https://manpages.debian.org/stretch/nslcd/nslcd.conf.5 | NSLCD service configuration | + + +### Overview + +LDAP, the Lightweight Directory Access Protocol, is a mature, flexible, and well supported standards-based mechanism for interacting with directory servers. It’s often used for authentication and storing information about users, groups, and applications, but an LDAP directory server is a general-purpose data store and can be used in a wide variety of applications. +In simple words, instead to config hundreds of same usernames and passwords in different switch devices, you can configure it one time and the validate in every case will be derive to the LDAP server instead locally in every device. +https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol + +LDAP motivation\ +![ldap_intro](ldap_intro.jpg) + +### Requirements + +- Support LDAP login authentication for ssh/serial connection from an external LDAP server. +- Support to search for user/groups/etc in LDAP server from the switch LDAP client. +- Support a fallback mechanism for authentication. If an LDAP server authentication fails, the next server authentication will be performed or local authentication. +- TODO: SONIC rest API/nginx? + +### Architecture Design + +Arc design diagram\ +![arc_ldap_sonic](ldap_sonic.jpg) + +### High-Level Design + +#### hostcfgd +Hostcfgd – listen to changes in CONFIG_DB in the LDAP table, and when the table has a new modification/or init happens it will trigger a callback in hostcfgd handle in AAA class to modify the PAM & NSS configuration files in Linux. + +#### SSH/Local login +After enabling the LDAP configuration the ssh/local login to the switch will be authenticated by the LDAP server. + +#### PAM, NSLCD, NSS +The file list below will be modified according to the flows of the feature, and more description in the flow chapter to support Ldap. +/etc/ldap/ldap.conf +/etc/common-auth-sonic or /etc/common-auth +/etc/nsswitch.conf +/etc/nslcd.conf + +#### LDAP SERVER +LDAP Server – should have the DB of the LDAP users and do the user validation/authentication. +Not required to do any implementation, each vendor should be able to create his own LDAP server. +DIT of LDAP server diagram: (https://ldapwiki.com/wiki/Distinguished%20Names ) +A DN is comprised of zero or more Relative Distinguished Name components that identify the location of the entry in the DIT. + +An LDAP Entry's Distinguished Names can be thought of as a kind of an analog to an absolute path in a File System in that it specifies both the name and hierarchical location. + +Distinguished Names are composed of Naming Attributes (Relative Distinguished Names or RDNs) and should therefore follow Best Practices For LDAP Naming Attributes +![dit_example](dit_example.png) + +### Init Flow + +#### Compilation +The following pkg will be added in build time: +- libnss-ldapd +- libpam-ldapd +- ldap-utils + +##### libnss-ldapd +NSS module for using LDAP as a naming service +This package provides a Name Service Switch module that allows using an LDAP server to provide user account, group, host name, alias, netgroup, and basically any other information that would normally be retrieved from /etc flat files or NIS. + +#### nslcd (service that included to ma of libnss-ldapd) +daemon for NSS and PAM lookups using LDAP + +##### libpam-ldapd +This package provides a Pluggable Authentication Module that provides user authentication, authorization and password management based on credentials stored in an LDAP server. +https://packages.debian.org/sid/libpam-ldapd + +##### ldap-utils +The ldap-utils package includes a number of utilities that can be used to perform queries on a LDAP server. +i.e: +ldapsearch : search for and display entries +ldapwhoami: display with which entry I am bound to the server + + +#### Feature Default +The LDAP authentication its disabled by default, the AAA its set to local authentication only by default. +In addition, the LDAP pkgs mentioned in the Compilation chapter are installed, but the service NSLCD is disabled by default and enabled only when LDAP is enabled and vice-versa. + +``` +LDAP_TABLE:{ + global:{ + "bind_dn": {{ (emtpy) }} + "bind_password": {{ empty with starts **** }} + "bind_timeout": {{ (5 (duration_sec)) }} + "version": {{3}} + "base_dn": {{ou=users,dc=example,dc=com (string)}} + "port": {{389}} + "timeout": {{5 (duration_sec)}} + } + } +} + +LDAP_SERVER:{ + :{ + priority: {{1}} + } + } +AAA:{ + Authentication:{ + failthought: {{“True”}} + login :{{“local}} + } +} +``` +#### Dependencies +LDAP Server should be configured according to the permission and users that the customer requires. +i.e: if requires admin permission, the Redis server should have a user with groups id similar to the local groups id of admin build-in user in order to support the same permissions. +uid=6000(test_admin), groups=1000(admin),4(adm),27(sudo),999(docker),1001(redis) +### SAI API + +not relevant + +#### Manifest (if the feature is an Application Extension) + +not relevant + +#### CLI/YANG model Enhancements + +```yang +//filename: sonic-system-ldap.yang +module sonic-system-ldap { + yang-version 1.1; + namespace "http://github.com/Azure/sonic-system-ldap"; + prefix ssys-ldap; + + import ietf-inet-types { + prefix inet; + } + + description "LDAP YANG Module for SONiC OS"; + + revision 2023-10-01 { + description "First Revision"; + } + + container sonic-system-ldap { + + container LDAP_SERVER { + list LDAP_SERVER_LIST { + max-elements 8; + key "hostname"; + + leaf hostname { + type inet:host; + description + "LDAP server's Domain name or IP address (IPv4 or IPv6)"; + } + + leaf priority { + default 1; + type uint8 { + range "1..8" { + error-message "LDAP server priority must be 1..8"; + } + } + description "Server priority"; + } + } + } + + container LDAP { + + container global { + + + leaf bind_dn { + type string { + length "1..65"; + } + description + 'LDAP global bind dn'; + } + + leaf bind_password { + type string { + length "1..65"; + pattern "[^ #,]*" { + error-message 'LDAP shared secret (Valid chars are ASCII printable except SPACE, "#", and ",")'; + } + } + description "Shared secret used for encrypting the communication"; + } + + leaf bind_timeout { + default 5; + type uint16 { + range "1..120" { + error-message "Ldap bind timeout must be 1..120"; + } + } + description "Ldap bind timeout"; + } + + leaf version { + default 3; + type uint16 { + range "1..3" { + error-message "Ldap version must be 1..3"; + } + } + description "Ldap version"; + } + + leaf base_dn { + type string { + length "1..65"; + } + description "Ldap user base dn"; + } + + leaf port { + type inet:port-number; + default 389; + description "TCP port to communicate with LDAP server"; + } + + leaf timeout { + description "Ldap timeout duration in sec"; + type uint16 { + range "1..60" { + error-message "LDAP timeout must be 1..60"; + } + } + } + } /* container global */ + } /* container LDAP */ + }/* container sonic-system-ldap */ +}/* end of module sonic-system-ldap */ + +``` + +#### Config DB Enhancements + +``` +LDAP_TABLE:{ + global:{ + "bind_dn": {{ (string) }} + "bind_password": {{ ******** (string)}} + "bind_timeout": {{ (5 (duration_sec)) }} + "version": {{num}} + "base_dn": {{ou=users,dc=example,dc=com (string)}} + "port": {{num}} + "timeout": {{5 (duration_sec)}} + } +} + +LDAP_SERVER:{ + :{ + prio: {{prio-num}} + } +} +AAA:{ + Authentication:{ + Failthought: {{“True”}} + Login :{{“local, ldap”}} + } +} +``` + +### Warmboot and Fastboot Design Impact +not relevant + +### Memory Consumption +not relevant + +### Flows +#### LDAP Authentication +The LDAP Pluggable Authentication Module (PAM) can be used to authenticate a CLI (SSH, or console) user to a Linux device like SONiC. +More details: +PAM - A module-based system for allowing service based authentication and accounting. Unlike NSS, you are not extending existing databases; PAM modules can use whatever logic they like, though shell logins still depend on the passwd and group databases of NSS. (you always need UID/GID lookups) + +#### LDAP BIND +In order to use LDAP protocol is required to bind our switch to a LDAP server. +That means, that after binding each client LDAP search to the Switch or SSH to the switch will be routed to the LDAP server. + +Flow of SSH login connection: +Entry point Command: ssh user_test@switch-133 +The user user_test will be searched in the LDAP server bound to the switch instead to the switch itself. +The user authentication will be done by the LDAP server instead of the UNIX local authentication in the switch. + +How to do the binding configuration: +The file that will contain all the info about binding is /etc/nslcd.conf. + +Those are the attributes required to set in order to bind client to server: + +binddn DN +Specifies the distinguished name with which to bind to the directory server for lookups. The default is to bind anonymously. +bindpw PASSWORD +Specifies the credentials with which to bind. This option is only applicable when used with binddn above. If you set this option you should consider changing the permissions of the nslcd.conf file to only grant access to the root user. + +So, this file will contain all the LDAP configurations besides the login configuration that was described in the functional section above. +Note: no restart is required when modifying PAM configuration. Only required to restart the NSLCD service after any modification in nslcd.conf file + +#### LDAP NSS +LDAP can be used as an option in the Name Services Switch(NSS) configuration. The NSS configuration enables various programming APIs to use other sources than the default files (e.g., Use LDAP directory information instead of /etc/passwd for user and group information). User information includes uid, gid, and home directory. +More details: +NSS - A module-based system for controlling how various OS-level databases are assembled in memory. This includes (but is not limited to) passwd, group, shadow (this is important to note), and hosts. UID lookups use the passwd database, and GID lookups use the group database. + +#### Functional Flow +LDAP Main flow – As mentioned in the LDAP authentication desc, the LDAP supports authentication by authenticating users via a remote server instead of locally (in the switch device). +In high level the connection flow is the following: +User will connect to a switch using ssh/login, the switch is an LDAP client (configured with LDAP feature - description of the configuration flow below), the client switch will “referred” the authentication of the user to the LDAP server binded, then the LDAP server will approve the authentication if the user & password match the LDAP server DB. +And finally, the user will get approved and will be connected to the Switch. +(more description in the bind flow chapter) +More description of the internal modules to support the flow: + +![pam_layout](pam_layout.png) +![nss_layout](nss_layout.png) + +#### Error Flow +Describe the error flows in the system in scenarios where external or internal errors may cause an error in the system. Describe the recovery mechanism and error indications (log, user interface) +Example of error flows: +• Corrupted packet +• HW failure +• Timeout +• Loss of network connectivity + +When LDAP login failed as result of authentication timeout the login flow will do the next following authentication method detected. If configured fallback enabled. +Authentication failed – user will not be able to connect like regular authentication fail. + +### Restrictions/Limitations + +### Testing Requirements/Design +Test all the new SONiC following commands about LDAP configuration below by using `show ldap` command and see that the expected configuration applied. +In addition, review all the configurations below in this file /etc/nslcd.conf. + +LDAP configuration: + +- Configure base-dn +- Configure bind-dn +- Configure bind-password +- Configure ldap server-ip (not necessary a real IP) +- Configure ldap port (other than default) +- Configure scope +- Configure timeout +- Configure version + +Test all the new SONiC following commands about AAA LDAP configuration below by using `show aaa` command and see that the expected configuration applied. +In addition, review all the configurations below in those files /etc/pam.d/common-auth-sonic or /etc/pam.d/common-auth, /etc/nsswitch.conf. + +AAA LDAP login configuration: + +- Configure AAA authentication login ldap +- Configure AAA authentication login ldap, local +- Configure AAA authentication login local, ldap + +#### Unit Test cases +#### Unit Test cases +Test changes in database affect end-point configuration. +Check config files after all config are set +- Configure base-dn +- Configure bind-dn +- Configure bind-password +- Configure ldap server-ip +- Configure ldap port +- Configure scope +- Configure timeout +- Configure version + +#### System Test cases + +Server side: +- Configure an Ldap server with a new user that exist only in the LDAP server and not locally in the device. + +Client side: +- Do the same configurations as in the white box test, but with the real IP server. +- Check that the show command is correct and assert the set configuration. +- Do the command `getent passwd`, and should be able to see the new users that were added to the server exists, means that the binding LDAP flow works. +- Connect to the device via SSH with the new user configured in the LDAP server. +- test priority when first server doesn't answer + - Configure 2 servers, one with prio 1 and the second with prio 2. + The server IP with prio 1 should be down, and you should be able to login to the switch because the LDAP protocol should be able to pass the authentication by using the server with prio 2. + + - Review also that the timeout waiting for the connection to the first server is according to the timeout time configured. + - Review the prio was checking that the request to connect to the server order is according to the prio configured. + +Fallback mechanism +- Configure AAA authentication login ldap + - Test that local user cannot be connected. +- Configure AAA authentication login ldap, local + - Test that if the LDAP server is not answering, local user (i.e. admin) can be connected. +- Configure AAA authentication login local, ldap + - Test that when connecting with SSH, first the authetication flow will search the user locally, and only if not exist will search in LDAP server + +#### Debug +Use Linux tool ldapsearch +ldapsearch opens a connection to an LDAP server, binds, and performs a search using specified parameters. + + ldapsearch -LLLQ -Y EXTERNAL -H ldapi:/// -b cn=config dn + +ldapsearch(1) — ldap-utils — Debian bullseye-backports — Debian Manpages + +logs: +LDAP configuration can be debug in syslog. +In addition, this feature show more debug msg in the following file: +/var/log/auth.log + +### CLI +The AAA commands are existing and will be extended for the LDAP feature support +Ldap commands are as defined as follows: + +``` +config aaa authentication login {local | ldap} +config aaa authentication failthrough enable/disable + +show aaa + +config ldap host
--prio <1 - 8> +config ldap bind_dn +config ldap bind_password +config ldap bind_timeout <0 – 120> +config ldap version <1 - 3> +config ldap base_dn +config ldap port <1-65535> +config ldap timeout <1-60> +``` + +### Open/Action items - if any + + +NOTE: All the sections and sub-sections given above are mandatory in the design document. Users can add additional sections/sub-sections if required. diff --git a/doc/aaa/ldap/ldap_intro.jpg b/doc/aaa/ldap/ldap_intro.jpg new file mode 100644 index 0000000000000000000000000000000000000000..a7ed434e87d0ef8ce1bbe59ca12a4e82841f5f83 GIT binary patch literal 22052 zcmdqJ2UwF&vp5>X0thOd&=f-G0ZHgp=?P6j69OVqLzONdV59d?LsfbW(h`b*BE3t8 zP^3!{5s@asjonLK&ld3R@aXE*Q8&g{EtMUFqgM6VscQKm8lW?>tK@ zk4L}n{|S)F-5>v5Ish;N`A=y6t7Hmm8xJcI!4B!m?M|wkBrH7%r?>kzobNaO@ZWH` z-?)$GBTo{|-QT#o0aBTSTa$1;yT9QN|At#Va{o;qMWT^&cJlgN*KhbOF_n#rp+4zO zPWrL|JOD_5IzZ`n`$^9vaLoY#q<#PZWO0Ae9%2CiLNEZpJpCt)`xO9i?Ii$!AN-T{ zr%xVPx?BFExC^A~d0SfmV7Cwepf&*j=!O6QO4L8{NSFUawwt6ZHj-Sfq>mlI319=b z34jA!09F8D5(Wj_0*C@6&WHeI0NMH9@cT+ef(w@}{08z%mo8qSAg83HAg7?9q`F2$ zdFARA3JPi(>Z{kTU#GcFNkvOXd!3GiU;kamx!;^*7syGB*RN1qA*KEg;p`oNhWs4x zJUiJrF2H%3b7VB<&e{O%r0ymIoF_Z?uf_rZ7cX7DKz^Q#;&-;?bpYVfIg;QM)a29@ zmoAg2&YdT_Kq8@`<)ou0XJq0MH8M^bWq?UY-qG{&POh%09R@*>mTu1y62+BN4eq&n zzKnnUVPuR#Ov=OOc}`^&H~3*NCYMK9-Ky>54yg)O(kLL+|2F{u7cP=2xpbM7DN92d zALq|qq$dB}dH;}+ltpuamh)NVMS9UYdZe1-U%&sjL&v}cg^B4eD7j;*K;M)f4xdc} zs7S3kPeVonPy~D(E!Nqf!%dkeeEXOlsX|WvXo%RK*Do(S!(-0NF#|^s5J>b&dwqZS-xvwqoZn3eVAJAsAva0 zOgKLXa%f;{tvWcYuSLwZb5&7Fwo_cH(CQtV`FZ{u*Nc8qaoYjU9>?EV9S`hcl=W*q znmJw(RHT5h(B8F(OKgp5k%^Kut>1kSbj-{VB{5K%P3Xqa^iTRIynCzh>bs+&wQTl- z``mYZYqP7^%gv7NwEUvFrgn84_vF?5X~^Z=OI~Kbn$`Y)!m!T+Iz%vdh2rrv%nfh` z?V=vBg2=SELirMr|qx6OnH}7dZ?Q z{2xaYrw&XM*7Nc_xX>^PS6@+QBM$SpVgR z8v2G>BQUL<)*c>#s0V;^A-Dewr2jF-yq)cTzT=cU^gADwXWdu#6vKXWwGBqm_aY@U ztR>%3alo>0?pL~*&oq|{N>?i;*!Y&7XPd$OuaJA)oqh8rK&aE2 zVA>aT!dpp0;{k&~xwuwstyMVV-BPrL(;8``Mg&%~4a#C<3+^xMNQ^WFDnk{YgdJUM zrL;9yHamFItEE-7pm?s~W7V{zh>y#gT#*iyKw3^qmd^!TwxaELY~p3}!6&A#z7yxd z*nQ-`IlLHj^}D$|xnf}G9&;hwMHa#j7LdEQ-R;XANQPuVB&q~1V6RHL?9IQeIMp3I zU3R8{74Q*PCzxYb-fY%?jWpo!_y0(STWf~g_5Jcy@2}cFd(HsM zCue|dWeJ?^JdAnGNoL!BaqM!|+}`a!%mhEzIpZ?`@7fu_oxO1+aJS`1QSoP7e<_yG z*C9>3+L(1%duNT%bo~$Wm$~$Vq%%PG(HUSS^p9{bhgIkAqA}hd{>bwev#d|Sua%(P zz@P(8Vw2=o!81U@_cK5})pULOlRm4=|0|90uSAuN(EZR_S@il2(#`OI*GX*Xm($ct z)4$9gMG+mBA&euVxi0A*ISfBTVhZNn&R5-z|IRr;UrndA zAjp@R+CiFmf6w-R;2aaiI`J@Cc4A_f?IGP2bUuI4wn8-u2gVO46A{U|$nnH@nj0@4 z+H#2|kLnqEsfu;L4Q{E;%4P;c`HJbSNq0!~sp~;PIl!ZFmui9o$?|lCjp%cTP zs3Vc5d;!Eq*IK(y5!1&~KF;qHuYisO9X~I8DgT~Za}a29SaJpc?pgru{=|Q}5gdP# zRJ-@+Zv_)kYwGCjlj?7Vr?BN_!0UrQCCm~4Cql8ys8l93NGj3@Zh#n_Mo6@=ulop8?W)PIo*GMo$&a03*(% zkxTIT;&Dz}ASrhohod?9HFgFVwUz6UAF)_HG7Jw|aKp2SY`R7scYJL0JOc=NlsxqA z6P2d_X2{WKw8LO9*lTsjW7G!^9P8S&Q9s=^$TqH}9TaCa%OvIkOz1VdvAWT{=vQ7&dEVai_77p`!`dl(hw zp&HFF;-0a=%e?Z^w*Z|1j#)o=BjoxiEC~9vqs7*}C75`8;r7Va2lwXRUq7`u7aiEQ z5_E;INB&}T?7Q)1487iaT^yHd^>om4p=Q79%PU6ElF!-k=ipidqtSaC$j9L#avP>f zQBA{Op;*^8sgZ!JkrNu5??W#ne}zQvH0h2^l1JHwWt&=O(ir2oljP+Dq~I?uUdFE$ zvYBiz4cwTAIP4UwJ?ZQ7xNZ30y^d3onHgkk4C0{0%x{uUU{Ef14Wc|6pn`>-EZKSF_a1d-J~g2f=@|MgHGKARXcPtuKZE zdU2r82$i>qpf%qLnR}Gxj1c*t9C-)xR*t7?hj}bS_AjF>eoISzCsAPYnzIv^s3%4s zT`v)>%_PnV$@U|rySCQEdrT(PyVF!LmjcQz6p)-CUny#!_&j}O_qWtK3$ehSqKKr_248EJMF z!yC;Qe;fh;;G(A_pNqiV-E)BXIUtVAg+7Eih-JKt-*szeg24~r7ki!S2=fmcsCsGe zW|RU&#we(cs`V0FL0c-}4$ED;pN8=q#2cZ`y>lY+jrA(Tbnk*k1!Y@awhMG03rqBO z1>KCi%-ljF20l=!p@r0J@M(9P5;?gO;{&-w0N()&G|cud-~A=|Wm+3E>0ZqNynWn! zc^6tO6m=@lo4vYoqd|?Pnx`n*@W^@;jOH@%eIh4sdAa##UOnvyLB5`2*#`fU32!zT z$1DxAmgt4Av{e(c>r}sHFYZK@8bVx*R-D=dRG4uI-ImQDOs0ZDrYwZFXu=d+nZ>1x-YZ?6xyOBZ;>eZCB|Aqzy;8 zpy$0PV_+Nu;0{BU^{_H+L8HVaw`~3XcsAy@JW0jmu$jmmO{1sSLn{AeFx4>higt)Rxo2r+xrWYb(=2Nd( zvRX4$)qUgb^I)Kg#c*x*ny84S<<$~aJmaZ zb^2POG%;8e?^=(QOJ{(+Tk_0*92q&i|JvTXCj6IOWw-Qs+iGF`>mTO7`8j`4{W0AR z8)Rcc3*UZmSnHua1AKnqck6Ew{2}{e9xi^~R^Z6`UR#>YCwT^V{p|Dm>9N5?)-%A+ zyS)d0$o?|v{%ICj0o}FRDLQrGjwG(!Z1c^55K$KQ^-0 z%t3p}HTkB`&%Sy3+_l{{?QN=m1tqA#ya%gT^Ch&*sb~_&$5ZaM1&)s=gTA1#3ukCnY8)? z&~qzD3!*EwSsh+-tcXD%!lI%Y#CD;ge)LhslTC`d)`lX10wqL#bGqCqGM ztvH%5cuI3LWL@>k&q<10k80wwUX&Z z!?fyRU;pIA73r$Bga;ng8#TgJ19Z^__b>?(SIS&$_Y|9u!*Gii+2=}KP=}g<_g#Nd zvo82$7rqf@3D=b$DevCMsTWq2$yENBrb`#A>X|T1XR}?F7&5N9jiHLf#^qS!$5NP2 z(BcVL%zP<>itTh*Kkvp1R!n4T0%+OVAISW+d%OLxpl)&Di{X8OL_vw&cyQ5e^uMgO zX9_pPeoit&cJD;-@kv`kw$& z4gdcA2FO3I8oQ!*+<3Wlwifoa3;vjz3gF~^`p?q-SBx*DsKvv*Ge8&UWLkCRZx8BOvn{2LCFM0`P?6;F z`~0`hDUUS@vP>SPl@@kKxVujm4YCRsvx5XZyPZp|Rue=hb>n~L6r>Jh&=x$h0NApu zQ25B_S-GHQ-vzrRiZh}|%{0pb#t}j(QZkQmB)_-qB@knT`Z5?7@r+S8(t+Fb9@hLM z%4jvBW86ym;$E-Kdq3LL+5P2yugK zgjFcaq4mnj=JP-bW;Z@eR#4^eNJQTAQqzMcO5vWyfTCPp#`EUI>_*ik=E{6gO)|vG zy23cJE9k^UjT!sK-uBizCbo;h=9F2BmtoGEHbPa|prew4}H6A(5*aR#jh|7*2&{F{Jk1jlS@+VETG9?uF9~d^@&DVfkWj z;K1X11!bRXrssb~o~->8EsAPHodMi}GR^?D`~=r6VTUt-y;j$0t<1jUZNLp}-#18c zUW(GXyaW$2mKQwxSE6*Hjvq?6Cl_!iH?c4gXjr;0#a>f@1kYU7G#02fGuEX;e2z@) zhxR|v3Adw8Cl|^8{Pk7x^vEZu;u+xW`5U@T&#ZzjC?6$WDKALZ?@#*?ZJw0G7A~-U zLuQSYXV&Dz7~WZ))%R>+Yzg3@TCmWz11D528=WtByV^x9pC6 zS~~GMY{E8M7(QK;ILe>CZ@^+7qZL4v7u}u@ZlNUa3mdhoWL#CPPl3`O_x&`=nI0{a z7-kmb-?ruvbpI?ei;usk2`|2q+WPv9w)or*e@Dh+Of7G~$HrjvD7;quP<6C%%g7sk zFEx_C_U^01&iq?8)!~|~+h6@`ZJ*B~xS(*pebAgJDMEY||L%WLw8noq#(t!|Db56#!ZQl0Up*mQGiqq=>}14G~Q zZU+(I^60VMjn_PSd5LbR`g+!N-@_0XN0>8pVOUslKJ9QA)moL2FffnM5OEKZL5zCX zBd*#EO&Qh)CT^C4a-B86`Ln~jY)&KHt;oQ=zHT`)<-3nEX=-}i*ik*3m0+!|Li4eE z_xn^dyxnX>@`ax(7bK4_If!#QVWQg}<*Q{eyjE8oOiS^Kv}wTHT~RISseY@m-lOS= zcIWEEQsb&WLb&t5?cdTKM|yGc89!4IPb;LR%dgRAUJoI_Pp6bvW0#B>XwFiV11AasBA zyFV@7q#;WMP3HzoF{ty4(gPz(+q@KS#yf@emrnr0j&H;iv$K$o*5C`T=R2V=Qe)f9 zb^}ttHxr^;-}TaZZZ1y87w8Ejxr_|lsqDnD*F6swQ*m%W&O`#;#;wbT0$9?GDZ|E- z9_1rVqq7x*VY(K&h}ou7xZ-F}n64IIl+=+J!JshvlL>wrg?11J6BxR};&MeV8&=%2 zMJMZ9vFO?vXNp5~>fP)#t;27v=f1v#)*lqpbj^3Oefc^8X_T{M;(jNV-Cr%Czf*8S zydZe(8&*GV@k_tsLvf*y#(nE1NbT#cfNziT_lmibfV7DiWBG4~b`*{wsU2+7?5aJl zw6iTrC%s&_!yf&*tNNBTX|O>5LXHwDbr)Ce0l!>g@zMWMg&fHa-@%u`0?{aQUY>6-`2s;FEHA*xD3sS+Y4o3t~gGfJ$Q z4qSJ@4z9shz(wOYF^rF{H1@bZZ!fh;!3N{t0@l@jGHr&-mf41h=5J>~uwIVb(v^V} zshj&n4aG=uBAUh_V0w?TI^goy?=cC`TSFgRYkM!XdGH@@ zJI3i*)#?d6m?C(gUHa~Q#c5W&7K*QL&D@W104*s9i=1<=pI_{WmVv=6H5^oYsq@D( z(bhFm!Hnxj1GA{#@D@b#esiZ3;`XMx<1?3fxudSYWU1@uhwvd4Z?k@)vY?W|FujJl ze=7>3-)kv9S@Tl-m6WG9Mgtud^JbV91;!8k3|FGPe;$EUQBmy*3k!4B)`z{UE#U$w z>*nnDmmXdkS-*ZUKl9G}JlpN{GADfTR(Tj@jUTpH!wmlr?3`QRmZQLZb9B>MEeCQ~ z?^^jK$^n;YBU4h{daGZ*afE1c_zMg3z5B9w-#h-Y=l3a8VccIm)#0kT?lrELqldm(LSD2}Sq0g8!g84EU@m1{!7^|^CXv&eHNAL%KJ9_c zJW}SZjR^M{UyU0SG}O%n35v`!x`Yxbs%2EtI&|@{;GWHbg9K9?Uyq6%pa^Q zJ`o0mLm#Mj2pYM7}0uM7Gejs2cWvMKqH9C~3}6@lXq66`T)wF=EBXihibwO7j2qhw;3VV*t$le27X z?H`}Q8Rw1o?2VhYS8&vf-Bc@D+cz3>EDMimyu#pIjO#+0=xVee)5IiRc;uO4mK+c$ zy?nGDZRFK0hb_VJfev{I_d%prgHssh3xCTYPyL5LoNQ!mM1a7IXOmC1LNMQImZO_o zsO-EBu2^g4>)YC2#l))<5e4YX{nx&s!^cVEKOO4~b>Sm>0Vw-H#bM{xCxO);J~RaW z3^;P~u8i_lUY0uLk6Tw$PMk9yG5pXwS_~`W&XM!h*eu|Vb`k342kFIoC{n~z9$Nw5 zZ@3ty>&T;wA?AZyHS@F%$LTksy<`mYD2u*S8ni%(P0TWSBemGF87!BXERjDZ&M#JvxU_SeODfQD& zL}xhm+3CB<`b|G+WOMJZzEU*I91?4QRp8A~>W3t^*)>Gf(}X*f-rbRZ*w|KSF5LTh zxAUeojc_?wU)$D$As*yb5q-d-m!B_{qiGM%rX}db1Ho!2RT;4lNyZ8yAvkRou`-s} z@{gWB#d6wpf{kcai&KPo3Ut*sw0!2Z?6=dT=ylwhbKohoQpluI52Dqw-Enm4&>HjU zxfcsH6W)?>y!VQG9VZ;`Sr+x!2yp4^aq}benlmF`M#g^!(o>P?c}vWTiZPLb`5b~4eb?aq1;hL z&bV8W7P7RS&Zr{6Eny=XN?gzn7k7P!Ack5&`eLQu47*GaL)h4w>rlxw*%mX_$*B@< zk?(T59JwkVYEPJ!ba02o^4lwi`8vH>qk+`s!}a0BCa5^g?%wioa8ltdf3lG%wSwKb z3ye->DX!iPU6oV5j>`Oq>1c3!T`u|qF&6>npO5w6jtQhGc(b!9C=_A~_rlB*Ig`Oe zVu`c@o@Mbf76B6LrGCv*o7LsaW1B0^5}VrZ)yngXxMDk3V(l&C7Wbjd!0$ zc&tF{DWF5*csQ&uMg<*m5uWeof9|K~vm1pgHrENjQzRK7Fd90BIymJwr88gf#U{b+ldVK+3tDQ7%&NCV^ zW2%KQ<5OGBD@wpyOSd1_-SYMU4&HJa6BeZI`&<#8M;F6x6A2Bc5HG)w`+3x#iPeQS zD1cIgf_d-0!~F~^v97LN?b{t24rXz6_SrIHA)w+tez?BM;y7F!6IUhnwVp)_zih>| z72CB{r?nl|>oe!4D2VkwBmNH~mWIX+IegB`Cl5Yip?5g;vwbbV;4#MnV z$Z^Z!;!xj|(RwIt8TGa_TC*6-Kqa?M%hWJ#y8u?fd^HfIZ(DaYTraS_HFC9M){fao z(qL>`H5F-S)cmn|v>Q+L=0h|Fu2xf5ORFu%qh8NJ{YC@2)f@ek((MH{Mh{mUc)O3LM^UNo129jC-&9KaGC0V zGb-gd35Tz6saA_9nTz&dKNU{%uW+#dA)WkyOYGS|Bfvbp2%3X1!? zX7~9!SuLI6xun0Ryr`QaZCPDmH~j7*cuIAC^M%7z>f*ZZK-;X9S`!Aj7h*X!PI(IR zG>`AvCMYl@pA7r+#m2{z|832Sv>9FL^M!TUL-C zb;$*_K#HeRK%uB%(h$IL@t`L0$LAt`G8LZQxv@GdxBulA>d&GXf)bzeNqd8x+u=nw zPW0${8EC4#vY4-vGjz(BmMTJ1M9gLz$Y1Mz@Rmy-k||KlP+#@@t2z((N$8XXg37*%qv>Tb1oqA`^E*%#L8#i@skw zwYJSSB`QOP^5Dt!1OYt(B~1Re=HodN7Yx^A;$m3+V{*dGQ52@J>arrf##h-?2SB4K!OramqCDlUy(!Ohy7iu0?Kpid=NY%Y z?3SEE4c2Q{Y>;cbsIDJ@RzZsaRp*V;)VNOOy^ziu7eCXwB2I6 zf-N})AklC&X)1-Dx;Sg3iEpmRqi*fel%@q5sr`6Sl!W$xe&%w0=7%>~xL7OiyC`>h zIFDUG&fv;2RtR|TEx5xmZf;NA@rrHo)q@-T3Uv|i1?!y zX|%yB_90}?PKs)1(PU`~K3g?wCihmqiir>J{+!4^!aTVz=_BlgC=mErrWtEVEmHht zDgU`rPPU={vqk@C)prgyZ0h)c%xSA@B0m?cWU#|2?R)1uA$o?hj*MQ3AFU#y>ge(P zqmm4Qu>@n}7%kZ~>5pm19IzBxoI6^DG*6P@4sY1%0Mo7CI4o+nuBkLx9uzMP+3J14 zov!v|ackk6Ykt`9lj|{&RnUl7mkrx0ZRW7_qRXz&*K2b?(}Hg%aX4Qxn5~DdfuyQY zpG^$Va0JEy&Ap-73^D;S(XKSc7t~Ga8_HcD?JzGt1Jtz)1XZ(y_13l=FdYroGosb68`2{^Ymkxp6%L{{veXsZIh(qyv0Mi_=QgCPP^U+eL+Tn1T3`C094 z)(Eh3ePO_;@GBY9M)S1lBD8sfiyDJypRIg`W>ksz2+h4TqjLU^C56ItE-BH++JeaI zcJ)l3k~`}?h#tSvxAwC?MT%s-g!sn59L6eFQfKbhZARrslCxO{Yba42ve}PXW8CBr zATW?Nq0&VSGlxkh%gi=>?Uno}!y%_F5&Op6%0u$?uZ?63;)Lyx8s$FUikh2jWLi>? z7TXuV5!3b4<(dWW0;vAEs`;lU4@#%X0wqqw`=)Ev9I0M#aG^PTm z(@k2b-Mw^fs!31yr|Ra0;I^T@fRSS)XZX63QPF^31@rJCvPvv1tSc&9#o7+PY%Tc> zF*XZsudTQ$#|rg+&k&JK*>0|;etRP$>iC9J-98M?LeyE!Od`w`^HwHu7pMypxIbze z7qmNw^Fq4NFsHyTQ*Q38HiLoOpPeNZ!JS?KKl$|_Xni!)DQd_bAu+jI&R;$FL**xn zn{4#Geom$Cn&g0v+k31j=_&R<5jgJR&c1%@)vtX0qgdI>qHxtV|9$ZbT+cEMl4r>b;dP#%j9<4@XnB>bj7`4eiX0i&rR_IZ4+?qW8 z<3Nna5FchpUpR%lAF`X9mQ0#7;ESFOx&ACtbp7V*+o(%)Op>Ffre+f=CABPPfQS}D z!AA}!$sKx{HQ^{I8`>pcwiSjd<~2hTnA&m{;aF_^l>x;<-1@wYE$H5WTm1Zl^hLPwN8ziLC56mkdz2Hi>R&b7z8@vy5gBy5;FXI)V_;eGwykpsmzNH2MP*>-tg z6JgVaNxxI^Tu=>1yPD;{MJ7AO_TujA`9-O$%o(d%iD_l--9#28IX$X5WpIjAb8-GD zM@9WsUXBc74Vc1otSS)~NS!|&9Ly$UnR)l=HnmO)OL>_q$ET{#5>N-Z@Y1*%nGx&q z$lREbh)=FQ(ju{;nkCZBin6@z)iU^MR9VpI59nLy>#j}+vU`AhBbH0ED5{3e4Bq#0WAh350mM|+_k{SKId zgZv4N^|$BuW$yJ>J96dpxGfPv6DF;8YJK>=Dwd#AE6t_pM*s2~$VQUWx|vIir8l6(*=wFL zxA1LU-Ro}4f>3rlZa>(M8QLt%cA2c;0&O#g073g9dnnf;>WP4!pj%ja-4e$odagI- zm(s&b?@sFu%+`Bj7LR9UylbiIxwra8^Z1B*oboJ*<scx;zwj#~meMo+7W zU-WZDnXox1ycHSGmyby$#=e~_xDhZIc5j-beCL28H|Mb;->1^ zdF%u95<_WKTQ@lLt?lOdb!6${-4i^0 z!C-`crsY!Nq8~R#3SRKBZS9Ipo7t^~gekBhu;Z((6$=`JNLM0Kn;-(haPNyU)+MSU z1#^;y>vEKf#08{fhNU9ITe;*3mqs0(1xWrqbGyE|Xwz2ETl<(D8FeT#0k(ofQ*Rn z-s?;Q{d&5MD!8vx87rp#^IVIw=Yel!ljG+f#pLH*>s_$EG97XsZ){z5pM~yvMfv6^ zPE!ALENtwXtKIV(eR(cv-*#2TaB^(&3=r?Y$`TO4zS)1A67#0SzDKfb4iTQqohG~J z6zgc>TMaB5Qj3f=dB@WuhcEy=u~eHmBFvcQBd)Nv-Bz z>?Bp;`66(7efzs)c>qVPtk{1?9LX7i*4s=g4*S@BvOmIK`c*qJyXtCsEbpLnO=W7w z(W=D!We3-r=d(I;3!MBS9d=#!8k5&k63VRlX-?lQ-x-;?ghTKcJvcmpQ)hklis(R@ z>VD(r2i=^<*Yl3!eafG_dHT*V-_%?&O(SNLhLZnXnP!m~WPG%yd?K2+4^yqIl6i!^ zIrd5K$|0bl$=lU9li&MGdxHll^tyZKpBBV9IsSE{0rHlQoLJ`^58s*#xq|VVRqQ~Bl!K^0Bf1~| z;FolKKG#Azl2dz~bX+9>{PD5U9k$J1|w=Ut^;(OM)-U6>$ zz&~ia`N81fC&SHP?%}Dt=zw)xU14bG1WqDBTdJDi&#~LQdVQz&3Dd=XE3W>da;qsG z^@raLApCjwRzVlGn7urH90O3~l~QCr)M<*FhOOS7(W$_5svhglNcqaw+2-m!cmn@= zoJ^}tHG4`1%x%O$S?FfQlYWGKvh5SZq)FC9k~1YZFmBCTk}l0`*+5O()zqbyM+G~; zvI;IBnqX;J^@BOp+sv=|H3Q!U-FviE^5mX@KsuOC^m{ije#p~as%^c-xmXZtY7UN% ze+`G=p)e36#I~{SVVkPZe#IRRgq)6SrE}5B%Hw^_jrJP|S8<9-Es16OxNH-!4k@b0 z`q5A!ZPJcZuIb$>VX`$2j02;xQwKV+CAPI8A<4iDfqMp7r?G5(P7LEokHe!-+eI_T zegr!2pe-{pG#m-viptB1;Q1CH-w)-lzbZGb%fkNT-b?(aV(S-@W`4>}uhHU6zQZg@ zEsr&!P!Y7Z@=`L=GMDOu`wSjbTj{)}RT%O<$;pJ$M2wIcu)18A`#E#A?u*=lr>zgk623zko7nh%vn-Nv|=_GwYGIwizNE( z=A=|m+tGPL)5t(tF3#fwFbyAJvNzDCGWKI@$!bwp@;4p8|B;$D_@|mq`QNGOe+@PO zd7~2w*pg{t=O1G@*_RjRUdpW*LL7MiWEd?8M27X}r)l+u^Qc#DL2+#)%J9h_c~hQd z?&axI$F9*TN%k`mBf`qm6IJ%;&ak@imsl)Dt1r@H(itSMrE>;QjV6V5*&QB?^#R6i z|5fK7dFlq)ZspGQ=l^sP2xHw(|hazlNv}eiKTw8B_3m)@15SeFbU7!;l{70FF{W zr0&|5n>NB}Aa-dQOL>n40L)2f- zxJUQV(u#}Tro8wGJ4}~LwpW2}Q6XA8g+}meJV9}$x-y+F9v*FFP`7%`P8icf^`URB zI#V-9Rou}H$*t-R(t+$Jy7H^C7RDq@4%I>gX64h)wGc{pnXRTie7q!E$*CT3QpjD` ztKsY_rP{U;78b2efDE<~Mvl9fvt(ZnnHJFqo%OVnLniE-RXht0cxICQo=s&zEK;wr#$3ph=KNUNh zaSt4F|9dYctEp9Q{8PERue4H^B$8<9`!ohLJc$k+uoxDUQ?$c^l0hyPNItB6`BLpj zw$@0`mxS4UCUhfBj8ogbjt~=G?F7|(3ZM3q^6r|C^bP8k)m3L5A}5ZMVzEw-V>{=M zA2d}-F3wr(>WqB+@P~Ttsbtyi0muKxD7-eF95EsJU)}C-&q^6P_KBM7*kX33COr5M z1JRM{xto|zj*RN-!gEgEJvTm9VHcCgMu5y?Tdp!&b;e$0H+u@W`um_Q`4u_z7{Yxx z2Jx`RC%s=v%}F8fIIKP&6*$=<&8PcxA<=q#w*)5KAzEGB)R=_IKYCK=I=;V$uFnLobIii%@7c#itFQqB6&WWZ;s4NR?{}5;+XZSYgWYGz; zc3L%MG0yL@E#BifUBMClah?O7xRN;7&z|*G?~~kE$Q|9Iq|7pl#|ff3@qu=aJD*oN ziurZugDp0fpcTi+c-r#*p7m4aA6kz;Z34B6m$pf<#Fw8f)pG`{s$Vz*#G2-k4kop+ zS1g}yE1MjZ%np@%aK1gl`eFB-1bXe2yt)2LAq`! zrZjqO)|f6(ub0ud6k>%8-D$6FsI&9O+{1O0uYGhSm}+U zzWEVNC;Zk4O^jPc^^*Wr@jFk|<>J^WYf7i|J(Qs>*#=kpD(+$yUeCa@k>`|p*! zV)=at{eKLvNz3PT7440`OS_I+{@cUfirPG|&T6t_u}oS#G@=8M6$Ty)b(hxluPAa5 zw%NG#F!*RW;nK*kXb0{smHQ0Wx5zvEZ`RBk!A2_7$W1+b43fuZwt{4e4N`f&egW4k zX-Fb>HAbTe+*`Sd-oQNT<9Wy;9t$SxVA3AP`^yYdI{@9a;(9 z8j8fcz9WvEs-GY)5ZlM;K2i*F@N*tztS5_P`9?XN1jgB;0>h4FZ&no z#Th#*5g&$};U5|~>^(~_^@w7+}BXQ>CW*|D?U;T+DVZYBx$hDYE0G|F_(l4B)-X6WA5PjdxyBvOOs#ay z8p5cDOWjZV1k~Y;AHMf-u<}h3N}7%%=BJ=jx;m>4%XI{}s4p=AMvRY}QWL*ixe>`U zq2-T!LxrO2May-u z|Mv@%YGnMSJNm?=>Dcft_3wWM_#eaHUcb<*-uZfCJxzZ79ZUL49ers1eh1SD=>a;v ze(1}z3=7KX$%KYP0`1GZLASo{CW4zqq)!W?1lTh4n@gqa01RFEa zt*^t9%a)fBn2@v1dZ%&DP0ZRB<$fi}rD}a8kKe--pUzaI6KO6WAFR@a#0DZT$+UG} zYeJDpX(Ltrata*&G+){Wy>fx?GdJuQI|dvjYRBA{T5-w8xn9*@8Etz7=iknBHH~oT zEa!3o#R7yzX=79GDYaG*`H^l!hsg`gTooipnu38xn)dSER+YWMZK9se;Ar6aHV37${1A-I&+Hcv1GDdH z+t%!`k+Jxs=F&%+mIUMxinizZ*)4H*uXcBa&mQ7`)Y8@k{>&n}cByNQXicvdF@GPW zeN}zs*4wl%&$?rrOW4MF_S{*x8yw}6z%^+Gi4~E7YM8}yuO~L|W2Xcx3Gu?P>x+$2 zD+AAX*o>FNtaao$l)t<#h7@{k;|*%!`FWdrAfLWAf^H#Z?w=l4iSN}X-b&9}F)It~ zp(-?SQ+p|uJQt>UZsT<-3Lc-16)P<5hin$rQ7s=O)2UCNh+xZT) zDU8~JO2z}EU0&eTzjBMx7Z#K|wU|JPqx1u7&UmLqXyxTxtxN)>G$U z;r9}fC^M5rv}LAfb8!atccY9 z>V}zUm65L%ud4XO6X;yt9ADpbnC#j|YPut}2p|yKW54)dUGpn?71v#?H{v1+Mtj4| zf^Q|U=C|g>zZ!-cov4`gx{}Adb0el{<;qu9hYoc%G`Uza?1dR?bt}buEVag_`R|XT z1g%z@i9qH)oEQPgMO@w=rH?l^r`nsew5~4_&P3+Xhj$yD*7l80xjoi61Khkapk7`x zMpI!k3S$`)d$ZInf%)Fouz+)nXK0~gyYL*PIR!V3HshVcJT@p*1E%cHZhZYUKPIo* zkfgWS#H%^9^K0a*W@w;D(;9w`4k(PuJyJ4lF6}6}s--R}AoEy#$&gY;UjW>OELcWNGS_a2I^TM+fndpuo*BT( z3v1YquwNAwhZOY-C_u&KCb->h1bkZdH~y9(Xs}|(9EeJ>s`nUi7;tbcbAj^3s4uy* z#3d;|W0=E*P?&$cp+fx0&xXFgiBvZ3s4dj4S{G7#)#7`KZ(UaLonF^cPfldqrn@FH zjqR@wiNlNoB8 z3|%xXFaOqH_=U45#S3a8ox7n{S9y2X{Co?8OHE?0Q>4|>gYnG77xOlSL56CC_2_9^ zSvoGSkp=hJ+WSnmCzv8R9#0vCMGpBtR#~4d99r=u7f`0msV-d7cP^*n4@9`Pa@_+1w?NjNs9?MV5%2% zxe)Jqzqc||ErC~GRAyGe+gj+?9*lAYmcu2dHg+*=yAgcFGi!<`i3MH*L5N|2H}QHQ z1?5U@G?ZH3@h}JW5`GS@sP%G~!6K`s*@Z07tPaSAhQ-^M@kFk({4X<`_M^YZ0YkU{$F>UT?|!cE?9a9bLgs!6 z6lo`tUzGboNyqLv#karKWeK$APyXL}xz3=bvn{^5yX=aKkfu9;t5pWzuWN zrZ}$Ii`;KO@>JkU>IOwqArH2cbDsj~NO9F8)iCmIaWfms6pKQlhhV#n_ecqb4@`;ZhFW^p74<8)tV=Mj-BaFSD6+mXVm@lz2uaJW|+pz&d4$RWDARx9#N)Bdp5`hd;$q;mW0 ztntD}>f9WNg7SO5G@Lwj!qEj{;xD#52n(o`!2P|B%75Ch2Ny@9I zVR7MtIF@ZjN70s?tFnG{zqVu`F*6Xj*%ntv@Ff)(DrDrAdtQOw4Opo=*>pL}1J*fK z$*@sLGZ8ztFERv+v_h~n>6wN}q#?&X3v$z`L30upoq=-t!}R;ZKil@luB$o3w8H?W zqWq#V!US4tX3o`a76X&$%MJ#S&x51-LoIjYczKE_56S5|j%zO_GKRxHyj6l!KVMDv z)#J<8kkl;I-`7?*&L?AJ_t9SOuYo1hZCcsP{>DC91{}h}&^)Z`{lI!{v0m5q4f z{Z;n=YBUlOS$Z)CN&%e3uE_#ik|lUzOCM*-VD56PVidXa1(;)J^Fw2oWKS$OB))~j zj}nPQo#_baeJis^0&j=21o!%)S8Ro-1P1J-sDY|>sEq|j0MX(X$L(8QqK-L zRl*@tcxS(Z0gq}Xz`^H$_&QdHm(3B?dfKOfxCHXr07l_}b{bvFXAfg$_!ihfU0~}c z6Y{x!^c@wliPwa_A6@o*xA5E=Y|GZ>zPP8l>yU6^rm)*t<2vQDqeODGX*p@Uscx*x z%vRS(Iaqt;?hr>3X|;??Udvzlr-iipI?){6{c2>&rZ8iKpDAALm~vlaNo)b)2JI2F zURmypcYFaZ7u}E-JrfN_^hGC`W18#B>zGosx0A8(=6n)paatd#u7QMv|Kvk9!PyBY zj-09-GN5*{S26Rt2r*L)S&k}QT#C=>Xj@A8uF5`4|M&Ll}W-C?&b6 zPubpSP9=;HifvX0%H^e)?WuUj@ci-Ai9C81?(?BFImGI9?oEJtmCJxI{rBoNa-)i- zWTr$8c9J=;^mAckGJThZB;>)@%EVy)?MD$Oy-`MF&Gilde<-p@?1FwE-!`YbkIHUV z#pvFrPbXgr#_(I|Ru8E8qk$6zNk*y(Tuoes{Nbxqi%H+t0D{YZP(KeB0OVi zlo%NSUcTQSbP9xX+P^!_kVlkJTEeeo?shM;S_cx4?($5TAtaIFzKTjLJz~nn`wbkO z^ztLMJiD;{kB_@LFi@I!B*`A^BZ( zxK!if6j;d|sg$#Sg*92Ib@V6&$SNSl;$OFqpx%oAr_Wh|6aYjNGY8ul$r% zGAJ(aV}&ohyx&7A%$C5}>(Kh9zB%jK>@6QZ7m%}--ewWeeVInta!#@*2t_*hUlw)G zHB=lG6uGUNxMDLXdm@>Fp%Oau!qjGEHPaYkJWdR})xjvsWx48q>p?Mm;X5|7H|4an z1Y2~}Z%P#BD2?$)WGP~MLESC(u$x(IWu)qEsj|{esJ`0G2}ii-;k#>GjglAMqHdit z-jjoL`*-ngz1?L}a~b0_N0DFFOZAqJ&~3||bE=m2FU?u8*!2vvPs!+0%dYr*R{dKVM^ug4zi zuOYvzivM3WN57sW<2vsJ;`SMSfGyz(wdM?%K{{d>TK>nQSjcW5@n&{9A|}P-%(ey= ztEttuK~OL|OH2;xRiqnWNxxb+ien|wn&}$2#0u4UlID1aji#{KG;h>xpy~3}XpoR1 z^=T+1bgFe@Z67cxNtm?mXQA{}kL6J_XYNWBT}UKddpVK35#tWB_eRWnihk9ZxbAHH z%v#kl&0-ZdTr|zPXSoI?3MG2Ss~7HUcQNlkQgcjmxp%YrWBd#w^E*Wr8XpW;YBR!C z)LZ5O^N;MyP+~&wwaF_&dCYJ1zc|+>*CGZ-Tb3>dz4Yl4*a}9H%qwJjcxn9>Lr5+! z>maPlP&c?+|Mk97s?+^Ipee7#2aG3Kp*4Kl%11;Nt)6ML&zs#*GB@VhhVU*=^|2b> zA6OoNzKzbEcr{U+Zechr(4+`r;{X&?6)ga9_$*x*zndoY0z8`Jis&in4_Thf0lAel z<Qjzfczo>m&jbXCBNE~U;i+e!{d9UJ1m5@SW0R3UYtEU zHe3lH_0`!hHV7oo1c4GOpLpM|FdNZJk&gqctJ>MMz^T3QZnT%EIS1Jtb#u*Ft@qCW z)cmDCpY+W)Uz4wuL5B->qDdEJBT@=IzqR^{%->!f(kq=le|Vd>o64;WP}~KEwQhd- z#`WIDZX*Vnn1LUjK2|<@>3^Gtzy1R@ua7T3`tb87zJ7|H@S~@j;+Maz=bwUmzD)iL D``1%r literal 0 HcmV?d00001 diff --git a/doc/aaa/ldap/ldap_sonic.jpg b/doc/aaa/ldap/ldap_sonic.jpg new file mode 100644 index 0000000000000000000000000000000000000000..c74a71bc474b2600c1fef2ab229df39949e4c2d6 GIT binary patch literal 39285 zcmdqJ2UwHKwl^Nd4i*HYgHk0FrGzT5k=~_*&;m-8gkA*%Y=D#m>C%-FLPCO+fOM7K zrGyfi^bS&`2!3&&yJhct&$-XJ_c`D9zyCWtyzg&j)><=by;I&xd6aL699nbGXQYG?DstK86`E%#b zU!b~7b%F8{<@xg$sV`o-eB}!Dl?zl?X|7(OA>%7Qg`D`wNpb2Nnehtcc}jBXe=+>{ z0H8j1(uX3K;sgiaB=rdj>JvZe0jy+mQ=Irc{GsmYGiOgxoI82qJUQF;3V>Yj$rC53 zsLAy`d*&>;xt^prMJA!XN^^tu8ojW%kym_iNl))N4v>U`o<102>=~DkP3R-iF^EV$ zaPxk_DSG$e)0p$_KGBI&Vph-IW)>E4DH_;)?B+JKw)Kde_)0E@ncNdjlB@AY70CCK zr^$voah9C<8#TGm6BK7ITsV1x;`HxCKkGn!`l?=ZVK?0kVG&U=eK+@~G_=VFO2{3s zrHG8nwpp=3{>!i;);$UQDlp@Fd4Od;sqG5wQC70@S4ikLWMVU`s#wIAg3D{Hw_ce8 z{=dzbd$^N8pnK@bFIeQV+&9d}sCchoXISi96CnsDbzX~S-KWeFdzm1m6F%uqgzXAx7=!@-s#VKTN`;xC;b!EezHo1HC}p3l?dX+3q3*7r<~K~pre zAQ3JYgR8<-5S`IpEM2)iGTeDdDH<_Sl`^r`uOpR*9;Jro>KX_HjpuhQw8VxH`RlI4l% zSy(}?wWN=Byrj<%$V|J-z}3mR>0MR9J>~>c_a&zQMPIlft@~%N{)V$**aM}>;Erg6 z5FLq3f~@rF8^@nkK5ctc^?Lkk$G1kD^6UKCfmr4v#+qFs`XYHELBS#UW4_--J=aYr zleGE^OsY0_?G`4BPTc-!GB;9zxc`dil0c%VOz<5KO`Sald&hjo!fF#P*eoVf3J*`7 zUdqhO+UE2qA8QR$0BT@N4pwq#EQlG~bXiKsZR zQH6xCX*f>1+Z*)Z45z_7JmAwuGi}e#41>U`8Si$?l82@>XSnaf>9FZx9Jp3Fg zs|EgLV0Uaq05^(s8^t+Yl z68AT(gX$#4nF!acejl`5cI^(PjNXV{0h~<2Srq%ueeLLNuo1EqHLbSW?3zf)4R1d6 z;iuxyK0iET?OZ3=J?ze`&1Qm}m2gCL-u!>zBd&c~S!S0Pl@w9Q9X5Q6l2q+%t30QytZZnS^3W^1KaG-Ai1$@t zY6mvGCUb~Cc5o^zZu{co4iT>eo>R#+IoWxki>=5zHY9)_^Ig(yiPu5WzNey~?n&{< z;->tx?1>DG#o9|Oek~*&#w|Sd>lc9!`Rl)^LXTM~Z;PhMc7o*f-%-K!@{KRuI$Z`V z?zWhp#I^#N@3+zu}qH##QV)Wk1~-_uak=>2C|%fO_wffv%*WY z4*~DGPW9{bxOU}uS%#jlJ8geVCAl42k}A3Yg-m=f39lE@sJ1N?KRsz?BDb6CYA_7;h~xbLxDfKrK-VlgiNGoV=jxqGyqRU? zH8N+Q_A=}UXx25AJU}qs$x5Cc(lhWhJb5w(b79dK?qH*S1C1zZ+**>tYj+!br`-nL z9`s<9)opo1M2OsRmfgRQ07QSmmlX%Xyf<10XTz%PfYnI29#fT>8(TGKmi^>jXy-Ed z?d4?8g)(j5&<`~aHY?@FLyzH;l4rPHiw9qCy?(sf^=;x9ei6Km^&EKpm~xg~ruc9- z97WVjvjDq&%G*l09k57r$*M3iaNo(E&Vx z6E8}1uI#70AQh*8izb{=6^-9YW4=UlD_s~UN7|&uPDgoq&~I5x@5F2J#rx6AS`}u@ zJ$Anj`m@<6<{r=8TisWkN3@7YmH6w63|lC_n2IwbzQzT^C&M#iYPR;W;zyiR%9%}0 zW_oPO49UTQtIJbC&Yw?I z{ma^q`v~69J6vL5pn2zRlW=%GqDRX78>i{Z{>*Z)`LvGBj@kfJ+_S^0lbWSyhXa<% z8Q*tKD9zDga$zjIR!rKf&_5#A5BR+s`$nQq8zs7~oEH_tU?%VZW#kKK|(y{c`0=laFC`Rf&bl<;|>zhPA< zZ63R+_`*5pS_VcUy})TOO+W1v{V!%#>A~uT-fFtQhpvdO$=+?1P2x%=4aVTjvt#C5 zGy3-xKA8m_m#E9Xn+BrC{Hn{Wyfi$oKz}iNE?Iq}*VzK^z5O?(x*(;?I(aIKb~uMs zqzSr6RiT)~XZBMwr7-}AIkv4p(QdEQ>A2F% zis^j*&8}?-{8JZCP)XlAy&Ny@rpzxfY|!pLaqTH9_0o0^DKQ;x<%z%a8p|MxxwX52 z*4U07$?PqSrr5GO$x~pEqnGzf-OkoTU+Xo8i|IVAiiPOpZFUAu;KN?Y5_ytwc^%lKrm`XK4@(}(z z!vDr|DPQ#60lf#`V;UU;EY-4H!$_;;sh%z_ucWV?gRrrEdD(?mCwj2|omuK6C20G6 z?X5TK@56e2LByS`zLm!y#{_t-w(4W2M^7$k!~T8kbCym!2e^E|VoFHie%Lmfr*tKS zb=(GgMn*Y`3rR95lyi>e&WNI07pj>nWVRrDP1_KG>~|J7^Y><&IMQJU%B4ec)=2e- z)x&f6j2Mr_`Is0)kpV$gOxMO~%EQL0{Lv#s?d^KBsEi1SAI|?UgQc6OZ}hn}x=*i9 zW%cGP!W`*B0~z!;Z{k_;Fee(}bjIKIgWgmtzP2@CvvjLf)xD@qT9Um(=hmdN9h3HM zi%M+$ZlT(o+CY(5(A8DEcS|V@n927k8yMCUrrK3NO3X5<#NqZ+d|F368*f4Qy?WMN z%0%$PmZ}tNW3<`1&lqpGOF@FyrJ83qt2=xs{e)MHJK(TFD!V;1I&lS!G9XLB%>`04 zQS)N8eQsV5_SUI{(rWkFV9**?R z)MTN`MunWg#^c5A`(EJmz|%jj_98u=zB%r_U_sA9_{ zyDdf34wKraM~8RyA6hUf2b;cA0}44PJghh}3Q^T$Mm1R?rrG$xg0 z*pcWWx1BG+MWkO4Ps8cp##WQq@>*1B@B>Vg20DtPovB_0tGm$7ZAv zHo8L@UMB4*GN2jIEOKrRV;UKA;Sn%-PU0ydILg{cY+{s7Z>eUn>cH#ec~3Z#ck+-} zPx^vSb|`arQmKDFjmmH^?bZqj7$R$2m>`WX~7(4Fma# z9J_d%SG^LMy*{Bf-4fyn`kqt^vSR0&uOrhXlc%A>EZPvaYB0F1-rOwQEG0=^QXS(b zr)lk^$xh?Trd(8E=soP_<|btjuroZkqsxQ2T{r#%&{Rkh(b<;qC5d}yA;P*G7qZ}2 zSkCNOrf2>(9TN-&Q}c!)A@vw^-a@o=gPF$0awu1wh#6sVqMOe9d&r@pHZNDBtAe(P zm}{9Gf%=hgBWf`mTe^s;nnl_@nhiIc9H`iD)4|Uoibn9D0br!J8cyhq32fwBYZ&iu zTc#37Wq00N6+jN>yb1wpiSz!F#iR1gUUxg5JJjS&GnMN`i8JqQEW+$jTY1f&aJo8}g=LA)>x$v358k|A40MPgx!G9fdt))fCfW-8422Cq zPeB$Dt=+*nPG9@xml))b`OE2yC{?%jxA}!mXu4M_=vw9Hyzd!k5({8hMBA(HLCQ@& z%&8p-$*UJfuWH8zIugM4qVl!xZ%`XiNoW#y^+h5OMWvzl2-1f>8Jy@GTruPUwf-Dc;=F9sFWc$I;dn?yeM}t@Sx(V=C{|0~j&-}qXcu$fS~2`4JGp$J zjqCPDO4vm5H3B5gV`M(Hl9L)kbkB47bbHu>0;w2jGKWb{IFI3lFPaai;gjuKr@?U3 z6wYiz9p}=~z;fo)1%jL{)TL&)2s_IkL}(JAElas|7pLejGhuSy1Nb)iJg0kMMDe71 zW+5GhIL8V0Bw7eFC=Q~m=;CT%a#E=atE@3LwDGv|4nJg3W_lXJEcniqtOc8RNotN1 zTV+4xV!B}r2S^WxgO}#azK#XaC9s5JNNqfV58vylt1HlHZS{6R?-*z@v(lzw`^7=j zNO-TOb}|NAoj&!3mZoQFwQy0#_Ce*;Hkgp-pB?iov#8Xs^lP77U}R1*-Q*5+bRlCA zh`dAu$*xtK+w@q3ReBnWMAHJZ$ezhQ|_sFpQDJUdbq7L zFH5V3VPR<*vh@wd_dA^#ouR5ZzG+Km`n7e-EpLP))1T!^f8;D_P!uCjA-KaONazaA zq_+C-A`TATdCY1lT<(pnUvMnRwcmzrFvqi>vP9zj%2xw*Jq7QaysRiBH|CiN_K~gs zYrIwAdTWy_em>7GN_929Gy)MJ(yuivkoi9QLiEU+;*XzK!|gPXh==pnp+w`CRj}#d zfN1*Egb0m74JU(G$buR8^iF2qlCmae{MGbKkUvX|oNO&l34v41M6D<(j|W%sRLBSI zF;f8zWG{8wCj$9r4n&9}DL@Ug8B*J6*2eJOQ`AkGW?Xu$5$dW`5gbKglcS3bU}$pc zu;Ys}^ueUBW?oLEy?S6V@HdU&k_i2s@)nTcTCz$mrD^KTISh#2OKI2(JjdH^6t4`{ z`efL61#ph*-@o**8rwhE5t`NCnm|j1DL0zzUy#XHHIK9l8xj}@Oh)dK)&VTZegBNGzfU9muCs0#+Me@O zTT18G8>Qx*=zjY;nFm<^`S0IQzn#^<|9$5FJoTKwKp)Tdn&*v^ylTIo*hZ8A;VZGo z1b+x(T_;Qeq(EprQMhd8x8y;-TjCh$T}F6$^Wfqe$9&c7J~gD0JJ6*F<8okF9ZwZi zJWTH{l+N^`;z(YUQKi#b*>bn@96t$j&f?hkh9Z85BJblvb+Bhen0?3BG@?Co$|b z9OR^Z4yCXZ;jk*$Rrfhj^!bsxs6=zpa??z=4f^G~RI$|yv)TKjwz3WQua^aEJ@f;d zi_#|t9-WPskSn&IMBtVJ!|@A)&;PD+m-GC{W{dj&o!QP^${nP4xOQo$ZW{Ru#eN|x z(~_j~;;g|kWl6+Y{|6gt?awdQJKZzGt~?@SB2oOr+-DDOS|L@|EKdq`!pZvtVBHan z`AeXrs@)1M4*{xP>Z#{Fc zkCATQwRZ%$1hA)XH3JsFAAT`X$y_d}Sb8}mnx@@guZ@a4JV#Pp*w#6~1nZwY+`nwEU{~{2VrGj?f?E0*=EnJ@6@=ho zI(!z;Ylwm?Ct7fK-$w8FTdgYh*4<0kIL3+cO+Nrf!K}ofDFa2mZPTjKx+;Lrsv`g( zXVD1f->QRb%NQErO@z%*59qKwPlwA(nD6OvgBogPB0c)0s*z_2OGPS`hj)zxNnVK0 z#r)46Wf!2@u{OB!UL)5UUjButr`-f}-&S~YN_!=KaW$}r3y89(x{7jbx^{8|a=W#} zws(>NS0EZPkYWQaqf(i%i1RF`lUFeUm2}0oKQ`}?mZB~qSh*KU##eQ!-?=sfFE`t! z&@P!f-z)~Xg>9Pf5GIA_*TGN;Dr)^BH;tZdD0Xg7Psi{Q4jLOgoxEGi{4c-FI^S?R z;tXSijg&0j(FlXVxA=!tNQ^v8yEm7Qn~afAz5^S;f@2#v!PFRZ0o**Md)`~htrR+6 zJbd^Kgstx8E=A3FCtUDD^?;T*IU?RzKdqGZddxG>3`2@M0!+VX zAY1G})i|P{za=dzV*P z>RqtGO90PHz)6wI=4QHX&Vg(%%Hx`4-JE0_%6I*)&brn%?@vFn-k5i{RFFM*R-PwU zW}@o`ucByUH1EqW%g=pJ7&|co?#dt9&4PQ6XJRY71Jt}Aj79= zAZQ-DXB)dQna$73&fT)X+|kf=Xn7Mgk;mX-$ilW35~w$Sx%C~FEKT!9RR&7c!GpHewlu@vTHRjpjToU zk)zKX#<)Xmt{sIY6Qj-C_U#~geIIseq*(t>dIsp|v#I(?$FPCZ&wVI)#gzMo`|tDwl*V<+z|&ODOjw#mq2_UxGVzfl*rw1b7{uBsAf5yDsQwaj2lBz6?G!bNm1L*LO8r$ z)I^S4yHl{?4t-~D(zCvIzI$s)yZ3^jr>f#cn1kBDqjH^~r9F$w+ATpgwU(aN8~tFn zmI|Bcpqm!?iAcpayYJjuKkxRwQSeJag~4l1hyW1@+#RO$d~$yE>H* zE^2#*#b^|(YqP=^rD%g~JfbD@%(oD&eSR{*Du;K@ z32UsA{X>OD+^bL9ql>t1o2N*NND|xO<~Wo(E8B_(5fV9|6*uQLi7@tma)RqFjnKAq zM5R$w313UmF>W5{NG#d-v;&aSUw-myH2(uo{Bni%#x2&#TrTtxN&F~Q+`?-2ShSR> ztR||<&j#R$`SJ%n;EYV}=u_)}=B%#*yv-NomMNK6mD!&@kn{9T-CNV|?sx)Fxc-ay zCpdi;dI)pLXnWND8@v{$y}9SY_>z9;*4y+SfO_CsHJ6V|z)654{og(Fbj73qt-Tj; z7E!PB>KAmFVatV2U~P(_`!Ja)cs;-!ey?kr`9|?1WKkgFI#$EXseru-Ow_`8yyvhf z(U_Tl0Wr&IHp<|o8*dox2oE~?&Pq_3Zol;!XQ}LM(vRLqeGvh=Q21RY_bO*Jy;E;M z>B#$LhOfa453xT0OvzH3Sa4LEBZmX12Fa}5`Yp*}%ptV`1@O|4hs`VtRrS&%+(1^aR2C&-8^cy!)oX`;n8IfeNp47ri}DFzc7#!&oQNj!}* zPnQL~YAe^vO6NXR5M0*L@z*on2ZzWy*^OakSB+EObF@ZD@zngl z)c!*J1f+>SE1oHDK?3>`Cr>Q1em%9g&2yMSgz~vnP>woJ={qM1UkFwmk1v!+8%F-4NIW{^bbc&WM%caWd3!5yfsmqO= z?kzv3Oc-$e2t^c?U9C{}FY6&{-$5Fh62q_Q@?Prl)c)Nu2tm*mPWx%%q@T7K&S=*O ziin=8vijURyy^vZj6vmHS23(m?N!OQ+R&_eIKVGe>Y1`{$$>#hrqA}$G}fT-qcDLu z34e=-xdBFJa^2_OAV*qkb6_C-ydF*C<{Q@CD-%c)6Y0$#0HstR5^nF)$XeOq9aR0+ zCP%;-ZSM-xH7X1e35;;ua^U0&Q3}xKz;aoq&MCJN+U>JF;`Lb9F#85cGXebEH3JV? zao3X1-&{4W-Z(UIEQM&~(VyCMzoJ7bEspi@JwM?IZ*_Avl*lc)ect>>Sq%7~2!W6$EqT^vh zQABkeUwRD^NmN&-0cPfB!4oo*15J&TDM|VMk1{w^>&JVCIv|jICe1u!3IQoLp4Y^& zJ;&UNVa!Sy<%=!Pcrl_^n*sBXVXLntOEiXq-{>so`_z;&8~0W#KgD>Hwbw{h-%2wW z{Gqc%TlHGB2~+3G_Y%p{o*rQH=Dno)Z5Rf`S_J%>$y0m*l1eH4wrg2`?B z$MBL<*%>7gMj8#R9zYOqtWOYW#K~!Vr21+4j5(=)F}}6jis@GrI^GO z(tO}2o_u};J@=^y>{6mJS8j7Cr_Hz^`Hfhzbfw%%R`f_eJ=wC&gw<&>r3S6&B~m^k%oNetEP=v^F{8l3>2Dh_%Zss#B&yppY1~82g$`Q$KGBPq<#y z!*4(!0YBlFO|+;PL_Pc5E_11+Xeo!3j4Iwx#>Kf3dz7^~l@4+uwI38&xlj(ho$tdKp(5tIuIq&K5iE=_h$`y3w@1C4Fl?fGYU9)FN^xrQgnw!n zhqU}+bN#?G1KP=fWqQdqlRz1t@R*|b_}AN?yg!=g%=3n^f-Zb*VeV#W;yK_4ODNx( z)k86iPF=y(yR|<%H1K_YZ>o&P(5TN)Q)X-ioe3>B0oz0~*ItlQhLkgf&w#-okBB4X z{wcQhKu8jKM%w#+`gqx&AaeW?+ltLFDPC9UU#V4wcrFKiINLk&^7l#ZB&Be>(`)4# zAPX@u@c!+FHOl7^|AEqHlzRAuQPY2M>D7KPGwrXT11d!cq_0Tz0pQy_@+ zg+*XgE8PyzZ)jZe)JptTs*4U6Qb|?Vz{|M{N?I)%7hZN@t#{no-QjysX5wV{5SRP5 ztfweBofZr>v~kM>RTlBV34g&Tx zi+->BUoQXU-BE_s4DZv3ZyZq{-ep`DJ9sDHQcfFq`o&&1$z!fsQ&k*r;?$GBlt9bs zvz=EHBse8}0)Ir1=$fgryKZSy6XO2^a0Oel6+K!_UVDCl-v0~JzeSE0od1QjCoXQN z2$-^s-@A`0?b~8ywdE=_GE&z)^jH`f0GZIHtTY3GKwc=Nd6<)O@P34*`X_l}lf1MY zlgZt1oY1y`lJy<42R-LH74`g~O)`7(qi1iRtMOB5-!oQ2ojyV2BXr*1^TX9zd2xMY zY=+%}zn=@@J$N$>q9=@a)W#luc8w>W=fPhFmo4jLzvh&>sJ!CCvNrt#;K>q_xl@Vs z*$Aq*bd`Lb$Lr%_>0wx3>?!+S@?Ts!5kD)9cxLSvY}1hc*{mo+nRONktn9<3y&@kw zH6EfaA#V#YZ7D0cqYjp_11y}Lb?oXo?`4h12bmJDsJJslkXEI}TaM=cTr4;Fn9|a7 zqSFCQ9?#!Z>-h_O(6uzze^RN;*VJN$ntl`6f zk!I+ozIu8Gf)B2ma$l)Vt6q|BMZf+eb!VVlx)UqI!XL?d1rO83^&50n8vc3Gs9F_ys3kX>wTa#~=+ z+-c9&iS=S>W>oO9UmpQV-gTJXO5v48EgjI}$F>_OoxFNC7gh(_3=R3! zRk?x&%3_mI(n3SODsMj~_B$Yo1zTJmC1&z+bVqJvnxZozphBKeIpzJ>Xiltc zdU3pZkC(NirAlFiAy~Ud*`0?EZ^H39fZD!K!0#|d6=4dMRh%vA9iPC!4c^Y=B&}LY zLIQ=jC&q1IJgun*n`~0}tl`_F3T7^GI9}lu)I^}MQG$vE>y|0NRDn`-@QROtc z(b|Y1kBE3f*wjw7S(C6Jm|(*+5oi5~yMH@3VSyJ_1-S%O_C^&Oes!)17O=jv@Sq?m5>mr3{T7RcbE$yL5z)qYC7-kO zl%<_s{>E;Rb6W0|NDx@nEY!rVxV79IobOeNa%rW`U#|oDsWVa<6CdN;3t48IziWB- zn#g54j1`R)vKVM=rm&eolwb8&z~|l#)LGJ%CZvR|1}MEM?}&&qRC|pygkT434B@4l zGEwoXE-hsMs{H$a6Xz5C(v(NBswCR!p+8~xY#YhKc0dW1*FXErz zXQ&Pwz?m!E8Gg97GINlYc_~P_6h2 zh(>6O|0rKt;rr>R!;BM>v$~H1_0l~-SN@nCP99IPfA$p3cKpp#MECC}+&_u|+_fFc z)$@UM?*vPU{|Phg744)OTYNa%3jM1MerG&3uY20BU8n?K&it+r?>eJz-Fs_VPcFrq z|0)E~5|kK`c6zE)lvDQ-FSF{yn^iz;@&?XI*YfE<2Ie%x(0nsyfA0rB)xK$WzCRH zZP6(g`erI^@p+5DeZQHhNibgbpA|y|>81{z=+|a#7V>t~=}<7aeAnHJwuD-lUjh?` z{WMFUlTbE%aj%KT4r?Sg=Q4X`1(Qqz~pY*Rf3!Zp;2o z!~3Raxe*PKPH`A`C^_f%W<&Lty6V;x1Gm_(;@tm(m@QQA_e7wy$`;TI&Ga@o^yLA^{*PT*UQTge~jzr2YmJbLV_`OV?m zedBTWo8KwVZ)TOub@?SA9RVlL{~`Nt_nXpdO9qdR%o?pIemQVzS^}uP9o>KgEO1u( z&tEz5q2j||nf?}g))8>mrEUI>Gl%Cd$f5fGcW$E{$)$Fb%TM&s5He zYSMjFkiO(ltk>OVRDom!3ejKiV@Oa>VZkF10h;DBYGYM`&}3}8`Q@}jTEEfk9fq4F z1J}C*y(42{c|Wej=$YG?S^!VApv@PCxX^>saOP8;K@^Ek3(KLOUSe#DvgF=J3ajLG zL_z{z2hfb4VuJnvP_ME-MgAq0P%YD!%4;P2dQ(=mMr6|_IWseXX?`L`67^W5f=>z* zjhlkWB4M(X1aD}(=I!Lnq)!e}H5;64>JR)v?YA^wI-DlK5Qokrk^^4fAe&fdAHS^| z9GNb~f(vt8&l<1;a`2N<3ZNH1p9F!^7#=*O4rKsv{GDO$4=ep?xXZW=m)KX8y?hi( zWicKpJ;n1NS>G&g(krBM%i^w0m@K#U-OM63PeVf`e^RygwLcGu0WYYc=(lv|)4YWr z;@iA(wFG@C!Wp>B?|ppzxr0v7APd$;!(~E)!1i7Ze<32?iugdQe21${9Zafr`x*E7eIwLyrpFKns=>j<;e5m9Y)wbu$pp( zoEDOhyVfo^_9)QHBKSzX_sE^etfjESI-@tZGMEL8d5LZFA~LPix*z-o`>nNBhW&0+ zqnSocl3CT)@5=#{?2JypeOu?v53o1?-AuRRPO?FvTY0kaAX@c{v2Ge`uAF~giN}3% zYdp<R;SBtadFIO-1d9?=i3{OE}U%!U>v=SMGRM}yW;$uXqPTKjJHB~#wTH(1uAa`VtdGGn z6$cOBEv1!F#_9=I0FAjb3H`=E{=6jDd^8SDjBR30OmJ7q(@KxE!)OEXi}e#|a}dov zY_a2HIQh(2B51MeRn4=esLv1dbnhqO!s$hT5uwvfTuvV8s}j-#BXQ=(+pOl| zZF{C6udWs2m7=UGnj^GGJj`-Qc>f&#YKftF3eh$@H!Vioo-2$=Dv!473*@WHoKvZ0 zGzs&3O_6kQ^sGl*G<8MY`iiYVYEiuC7{+$eeqjN z`cjV`B}UkcO5g6#?3ga;w(Uzw+vKcs*gWUN?_O(izYNmf-CmDMj1Ml^T4GlmkYYkk zTY=%`;p7FiOqV*tmv17j4O_-?@V)@O4)Ai-a545Uma)SAViO-vBl+khyeAclj;r^WzYctwkQ7|y|kTc+ul!a&}pjS?KA9? ziAA9h21xsr+Twl~uXMR@wEV|wd9onVSFDhNSA2($DH5rws8hcaZ;IZNhn0I!M7d}r_;4|=BBL`-SdO^DE)vlq{$8$E zOYFTVzG-}4KY*D@DjGHx1~FXN4hX1}t;;qKy@o5(+J&V+Xjq~`BntJKi|Q9Rm6VmH zjEO-??X}%endK^%v#1x5*@osAk;vAB|Jt4fL>a1BkU(OsVU4p-Ad*+7Lx=(2YV`1a%rX7Y|4ZEuEUA0@?A5%TwhV2wQ z+>5hNTTrA~vFP5sSrvQsEXg56=Nh)~+flNlDDsyYtT(L!up~KK`WQ*FJ}iO|>$O8M zSNr2+>3j7Dkdnu(x42vbP_HF_*Z1L<&g10c(!LyM-*zQHqyAAPqCf5=-=Bb0vIi|> zJ(v7dx9DTdp09{~{6zGY`vK@xJ>zzq{!3$3vKr5WG0S9^JPP?Z_UM(a0xl>sm$?D^ zuKecwMtk6Ns~7o`XG%*r+TZLRa>-2qhKSFrH7O$G)o;4|og#TO`Ev*eHz*CmC(w*K zUevB@?NDIf|JfAD`uSkVH`?rZe-&AUi#5>^oijF0N|WwC01m5$5UEiwcT9o#JH{pr zhGeh82>n~7ac-HpyUYH{PFO+#KXMd!(|pV`c+In~^Du%rF-gA9s9;4H;#N9meYHge z9O;UQEc8&&PI^fczgS#?gIo!7N%%Cm+#PO}KUu&_@? zrQUI*Ub=3{4}d#be@u@5@qW8Qf9ujdTfkLG+vJI)iRIGi2*(^x6V{ZFgf9cxT0<7o z$~K2Kv+)H((!*XI?SFr}%s-K)&LN+nI=#s!nR4{gsDiF0*fSj|IfGA@Bn@=#5X9l> z(-0u92!Gg%5>vB%@d~BG&k{cXh5h7($E>DPd2N=0Rz?NS55SJRgR0ticTTXp$CVvG z;MH?x`?m|_J?@34{V&IGKZ(YjjU@;uCc%qqcpkGNcxhkTncw-h@nl40S%4)u0th7Rq1c>DW?yTd6ik2eej?-F{H z)mn2^VsFt?tjDNhSZkTt zA}3&tFB_XGAvTDVb;rs!D+X{am1ZRxj>Sw@n_GHdVsPycflj2jjPn@+H65q&uyaL0 zVG;Kewuvj7j7FPUJS>eDB0WF#tMF|Mf7bbw8)mky(_dkkHp3#uo>MY2X+*djT9M1*W{Ra4d z;h+7D+-7N+9QxP2@y*;8JQb?l-MQ~tAC2I^y4zz&@1s^%-giFKl2LN}_I}&r3KSzX zBrG*JXbhuC|ILph0%#>Bbsq1;E9Yw;31CeBy#v&5rrA|bNN=8@XGI;p>Nc{{dEYa* zT)K-wC*ug_Lb37D#)I9Qvqv#TqF&n7B5!4N=R-d5_6}~J|7sX9Lv3?dp52a6(j6oW^E+dS~wJKsYP(OPkQ zHQUq`^lh~H%CO9@vaJzCKn~1}DFplwd%f!8gZ$q1$&V&(S?Lw+!_}oXQ+$v-oFjuQ zE$NZ5!OeLrBe97AJ41AODLjsZ>-YU0%*Q9!s^@lXi(YNUf%*LN2;BzUR3cp-@kIS5 zD%xm+Hje5Q6)xw=iLG|`RovDb58Cf0c9{f8fx1=8wBZ;NWSunK1|`~_LoXLP^)ybk7b}?08lhNAwSr2!@a0XB>y2Z7={xv4axMHj`#ua zXJ47LI|%AmDR^f&ksvi`^R=3t1))l4={GbSrA5mkqLGM&O7rmWbQ0gK=hZzE#^0l$ zBL`5<_yB@&vf<1Hj^s)7wt^@^7~Nqwv3Gku4gjSSZ8mkyk~d z?#_8-S*K-W(dAT+`Mjf_wEx@2Uh<(0o1aVT6A4Eul}8>Ki9Z0`MuA!joNuKiUisW; z+j61jZgr|_s_Uw&Iq*ojJ7LmL+4vitYJYZSE zlylocG*V@?lHKr`p3!+_V>x#`@(`OG0m(C3;j68wi<(H(WD##iruBzT(}7~{e)}z2 zYfN8~L<(fnSK$D*RywETQD(<6au@5Zw+iyTAub6Cbef3xv$@c&5{AF1L0eRnL8b!u zc%CmxYTS>_S!3c5eouTOrHkGgiz3sb$I@=g;C-j!1iEVN~4sQA2)ZJL zf8vnk1F0yF%%;q{UrUn;eW{~B(iR2++KR~+N^p>JaZ6IvSJMzl1bD4lB}6_F-ld} zQY_{Now&S`{mlntY2z3vRq-;GtjgM+3wo33f}Sx1`|xXbu(WJ;vG z+^|10+BpReED&iMZ4+%_ujv0`C~eVPb9Lj^*WA*>KF`YN$2>Mc5~YWqkwGmk%cE11 zdPkP)W*_e@_;BoMH6OV+9lZGy?Al}N7?a~>pZNixtD?J<=zi-(d(`aCc*UO})ek`Q z{{TU39#D}xveI(fo|+x;DV|yzzcpjfL(A=}+SD;BX+9jnn7+{f@nNdN+f5GNy|>Sp$If}ja1aRuOW!{ecaB#NCKUV#VDR_p>i!CTP zU1I^Zs`KQ+%>3VNpuZ>n$({C}?;g;$e}mk{iN7~pVdN|*9=Ub9udiFr#H|f6i&AqK zrL>Q?di%`2NL)Je40h!IwD;WsO(yNWac#TG>MFg73)0(C0t7@>Y0?cL^s;may-QyU z2!VjKAbkNLB!M7-(2LSLQW7AcD7^)wEA?i-Z+CUi{m!}jo%{W9&b=r9(_xvVma^A+HHji0KsPhzH8hV>%yZ@9*mV0-#-%Pj8oM`n?FC~ma2}Cob`#{6r z-+_MgqS2U?{^cJ-5Wh?>Yo#|qVZN8mKA5FI57Kvm@WkV|aoDVB7f;GyK1LKGn}^OU z>gNYu8&HL+MrR6F9dJ0*DlGX9PF{Rj6tDBD8^(69>$A=r^h_QzZ@I4!-Jgwt`j$?1 z!qliVk>TiaF_ zqx_EL9?m!LgwtxXF^7{w%n}keLiR=Xpb#Q2ruVwGXjNA z!0irLGhx8yZL7GI0*IAGK-KU()BQ;uhO4N&EGQlfVy$9FPj=_liu~etRq}fk*&<>>DpeI{8;lRc24Hbz}`t1|eYs9a6PAJpm4&*e85^g!LS%+5YE?%3|poFs;;Bce$z?4!~i z2IHeHDyGDzUMEbf@-X;Hx-ILQeRqlHVEY$Dlu%_0l#zEK@^Zv&zX$THX&i$DD$Pou za3gAN65AhBE68X2q9b>f6VqM-G_mgiFNym+c*EO|Of|$uTR$$bh4pcGnC=*rmCmU6 zPb@{fOkJ2oHN0AhKQic6`c9ZnWOF{tihRIVm`7K)?KM0#=BIulWX~0Kjcje}z=$&; zeG6-xBO*;hAgnYu(BRH>=4Z-Kut^Zyv4hujsIxU#(0R~wlqWo2mF7HW=q5!kJ;2{{ zD3SS)@*SZ4-!bq1WnIK-sD3cKym+Y8+c?6(c+WT1E}mlq z!f@|(HTi2e`PLV9it3L#aFGr?Dc0xC_dM`qm(fyzFsQOLXcVUcQ*WY| zahWKZGf**w9=<&VK;!3RI5zHY1n9mH=>hB93cO?DUjs3CFmQ?RA#bDy+$AnBc559c$ha?$3O}&Bsty{Gk*(nU%Lhibq`jtYTyeZ{N`djhyLujX3p4{pn{sY|`TJE7A1NdCY z=hh-OgZqG%n}Oz$ySEGc!O$@S6SDm%Nh~QK#5a4k!xlS>l zUZ-eDRu ztG-8uKLf${UV34xvoWnk+}vVI@CNHF$h4~cjX9>+cc}=eX4^MnvR}J6xiR{EH*RMa zAA+b9fv-F)Fe+U6I97kDuFls+{5l3VnwaHAviQD!WTL1z9ThbJD}LJp@kHe}>i3D> z0*ejZF(j;%(TK<})CA_zvM!YAo0yd>ELW%JApu!98TzuQ$VEw5ZKZSadKr^+q_mG^ z$*eA97{!Na9iK2mCDGsZP62|oRV9Sq3H$444QC>2S6w@#j@(yGY-Y4d6d6h1%>VM9 zW+d`2>n?LG@fN?%*G<&>>DZXSqbC{Drv^eeR#VAT^~*3J0Ri{t1_sLX37FAF8IU;% z1H!=3_)Y%GXD>8OMwX3fUIK=nm9##g(6VwY$8+hnMMN^V?^*vw18lfW!47cUZ3W=Ogm~5-o)BRV)YV?0rU7erz;Xb)#OUvue*!5^g$%LDQ&Q&EO(Fs#7 zK=T4bdOAZ-BJxnAe6XyG3i=)<6#h6b_fpN^;zz&m_5)$}1EqcAUJb`88xS(wrLSV| z_&Ltr>v7>!^251(A(sdqXY1(Xpq8HeQ=Fm*7J3H!AOzgis0>`&fA! z@iCkuCDKL1X2+H~=~EbCQJ|*@Z#o>!>#9L>sPfe@79^#ykf_oL4GmY|t=__nL;Dll ztH5W2UoFl8q0oJ@+VIf*WL=+ifgTkdm}*~rQDSja)a0=w#&6)4GwZ=zxd^5D;Azkz zOC!Wg2OWAfZqhNdl9z%N~T7W`BUPjy!MJyfN_~f z&bcNF_dw|sS@}zyB1t3Q0ll}ITVjc2#k5-GBpSR=Sqt*y=ZiCv4M%qa2UMjOHWGA_ zj7)J?iZDg?7SLM(=}RR-l*CESl*L-G zO!i@%@oqSa`?o0;?j{9jf(#!;ga9wecZ1t zA#6?U^Zr(AxUQtFCdH2Fp^;BY~SpH5qvvC{dPsSfq@4 zNg*Z+zIgohZdZ>{M=vR< zOcj_eub{tA7h=<-b9<{_)~o6&QA|qhE`|vKnbaE&xxGL=wYZ-@FR}iF#Zz99Eox%t zgl@PCfBfMKSpxH&Q33k;8Nb$-6%KJr7FU&NE8Z^!qU?DG(_<%yzoG)4!u%Y->Zum}Dp5N?$dH z;AVDM+mcu-OfWm-y-!O5g3ETke*W_|4G9EH2^6DB@m-kwE_vSP>Jx=iKz~V7kUZOJ z9xM%>Z|(ts=zz7u3;ndJId0>uKRAYeB35lEr}W;T+c*WtR~|3L`EeGFvJdrP%jF9u zuG}#C;iFX3(F$chw|jx>LI91z(kyI8s)(vqJ>@_g&(dGNcvbjC2yz4&&Y-2s9 zBL7yMUUHoj#^Uw+FACuJTzmPr5f{XQn?)K??49S<=lrjHu6&j{4A{OcgX>*M^^^0qyP?wb-y?^l1cO){gfd1`myR>&!q z)?Hrd+i=&~ahPAY_&K%tk9}AT zD%YXa{ITGqqDcd_D=c=R{`Kdym!nt-&Wib`0GFet0tFOSwxLFRFeCK^=O2mRc%79g z;jaj%hNteJe0Lr8t9TEjytmJOPAhiPf%tMS{`zD

n(rIT6#?Vxj6S)z_LaN0;|&l1@P$?j+BaUg4AoK5naOzan2FzFt8SP8ZWbF*V>Ne{X54<#v8ZKY58M%X z4Y0J#q_W^(8)6&!l$<~bkNE|93aCHvMJTzaPH%yaCnnyr-|0QBs*sc4%-^^Q2;TYQ zm(OWD5jhTFl>V#rPKPb8ZyfXJQ402tlEVWy|ByI%9LIAix1VgV-TCn0V$=QMy=5Be zf|qNu;|uZY@jXXs{ky~V`1;#tHio2+Ypue&)c3tUOU*K&X@?$icmDfTWebBT%tM7j z?KWHJoLfKL@&=aZkumZZZ-^p#>1AITqUxAsZwm2smfbBG%DlLSrBQc=@|SWo{ZQ{mY;v zxDQ*m{q=wd4VR9%`4yLVV;5qUXasx6uBgl;=R6y)8cBo(9 z#fS}i)`Y|E-dJhc%WgYT>gTvAc=rdW+qjqJT6#&MZflK zW9;Zs3_*)>qI-wo6mX9Bjf-kTN~+|GxTQ!?1txS!_NR|eP647q+xc0Z(klU#uCdHk@BM zR6~>QP0s%H*9e2QkfqiEjN-Z+Mhbo6c6<8*qEfrotmB|4YJFzB4M!hin(I+M zEy{ZSy17Udi?AROTJNP0#>{VlqZ!DvyT!Vnc_Bw17`!!Ty47**l_j^sAvcxN*6b8e zlSaRj5Y)Lb1j8+_5 zE$4M43OnR_fMZr{UaTDUj6%lEM@;B_I44e>5cDzr5HHK?7Skqc}96^ z8YLgv)gS9(d7Q!=!B&L2s7j!zlR2mJ=j2j6?p5R7^L|2Yk-M^NUo*KmVr+`o?uceoV}lBNL)hzrgq%P#nH-L<0o6%*bGj-%<{MP|Cdq9 z($(EKb}T;yyc1ET(nXDE|0&p|E`!_X<+=T8x`vc7-1^mSvJVlpMmQSTC&O*lnr3CHk!WVkznW|5D#P1?)b7QFJJV&wM6#k!BP<|saP|&=oCeAhb6cFp% z;S-ZyPFF8=QlX1VYkJ=z&U|t$yB6^E`G*F>5Xp>Cb4y^fqysRIU@v!zNFc z`p#bL-3)p9*N>JPQ%(URCLZ`w?**E3g_)_mb$wr-dc-6%IaFn2Q?^;S=|gOnl>O~+ zMlijfrOm~VnesFm{Q@C0#Wy9MvhQ}CcFhwUwQ)J>uEjut`Krg)4G$f?C3E(@CGt&a zZjx3}4z1o@k*O(uoBKQIeeiC4&0!nZ+wnF7niO!kc1Sb31>&oE%&Svrw(y5d>$?PH z#@jlPU#D@n>N1rfR9qlr72Pt~KkQu3l#U{8Tm_5}^UVEw15sQ%Fy zryEvRbb1y3zRnTeZhk2&E@<$lQ$UOV0Ap-505D%m!&}f!&ijUPZ|3Jd)=ZCvGSY5* z!z?P;O&Zy$TDp76Kf2rD_m~n`J#4limwh)@W>%fIc@*-{O-R{Fj~zS&iaEDc3?qR` z4Yd=RA_CM(FMkX-47I45bfKsQTbN`- z`K=mIkwxg4+%gOC08{coMkr_DDDN!-@CwTN<-m+DHIh$)-p|C&rf`X<5|qy%_Vbfg zJei|*5@^lHvdDMp?>O4q@W^Ix}anioRf*;>Yq)3xP3y#0Ld-(T(@zAJyxjpZM8 ziC^O`{K;AY<5iL#Z1{cz{!y$py5M0L#7yg|@*7A{+0dvKgSqDVg+>RE=_Jv}&Y}ux zWtT;NEmp6AHF{qR(9;AASH9ZTq1E_|a@2W5Jf>4(<`g^N^4R9NB;8+1TiigvLZJJgGoF$7V@N#(eU>9GZe4jCN9*&7 z@eTF>j*Q>-yPqv7f6?vkw^IJ})hF#kin(~gUiq-t{xxc8v4rXBk*w>canH|Z;rr+P zpy`e2^MxtTC2QaZ0ryJ`V49?DETg|Vw-2?340t0!1vZcjh_gs-dY;!3-4xZ( z##Jq|a5#QqzrUYlXi|eydktlKqtt(?+xNYJ?)hm4<6F5Sblpi@%^nA#z-(dB(DQEX zo4lbS6@Hu-dF)_dV4{40@HD#;4t|44c+}6ETfqzvvi;oYB;>^tp-rrvU~u+6^xOVO zQzVe!j~3g&(C8Tzo+L+eb^{p$-iH(~_#`=FL}WoNrOBVDSNIiIU}hyJtW*P{K`|yh zvbF@@cKb@Ynrdqd1FSeCb|)@iFCF1O1}L=!f>aL%Ou)#oaa%t-ybSUQ(vHBe(>>x6 z7|_1hipOk%^kqRs@DUm#D`v=(85Sw%Smqq#`>8Lk{ngu^ggz6^%JC&`1C>O%G+C9c z4aBwjD-p%6@cCIEQ~0s@nP;=oCdXA*x+`W%HSrfTe9)b@3hH>>N}MdoX_#A&{52ab ztewplrpSNBmRzVUV7x$_6|$+;;wG$e9OJ{OAR)^LartHgoi@5 zW(!$Do8t#%(T24_*l!!1ikt-`s_trbK+4SMTz~~zST;C9HDM#HGgH@l9b5MNKzLR5 z(J6qAd}R28aD&<|^Q+f%6L)_}~I`!~+~ABafY$F#2Hqg=`B2*js#&^gsBU z4YSzb@jZBNe9|BUBgL;aC>yc2W?Z2^-`@K;0*enW3xCt`h1{pYQS~whSu|167ilr_Vwx8vJd#|kY100yOedR-^~$mgj&&l9rF>#m-5JuJ4sta_SiA|$@{>|vtZgf zyX_Qkk@L#{@H@p@M+CK58PN=*`#pR`s38ad3@ zrq|{f$S(d^`NFDXJn|*X*4f#6RpzdRj?BHK@lS^BorMPZk%>_CMy6u1h(1Jg3wJ-2 zd;;y<$kn8_=t^%w2Mt zv$jp2yxwr^zF7Y{8^O6^Qg{`>3dnmC&w3H!iK%4pNm74UO}VWy?{Ss|`SX z%4(kU@BP6%=+MF`T+kg|V|EjRL`>)eFo-8$%1Y@?>j;pnqQ++WZ!0Nj7NUd64Ahcr zzPqCLR7O%Zf#xN)Ih89TMm1nYe^u{8SYY}#aO+z}cno-9h)}sqx?JR&!gM>XGCN5C zGq+?YYyQ3A0DJ9qY{1$aFXq^{I-&c>Ux))E-k4OA@>%p1wE!@y^z zUd8-6yYb&W`)c?|x68F#P{<~3(Y98GtqvoTgES)P%cR1PKvSaY>Vw7nmy_W-ot4un zS)xGq=(!PS#ijvdL|uoWOtUrkmMz9c9oT1SPrJI$z_LccV<__~d)&6nnOKt#JtbSR zl9-L3D!>pDXa$4ju6bLN2;!Lc_AU+%fKD>|@f7*y)mld7_4_IF_OGQpzmtvWNHBAa z&nE{ zc-BTnPZN`!#+>oOnru}V6u@gh4o5v~m*Vv?CZkNK3_Du#vSAECt?irKUJ7pe6u-T8 zj~jd*H-x`fMEz+&#r4~Q%AsQlPrE@R^Y2Tde+db-Lpo?xm1YI{mU7!r@*TL$C4w)< zTizpSq~q>ecV8xX^k~xKMg*fFliKcrNxnmGNbqKmuCy-m_kpUaI)eeKe_EY=v6k-4 zEEQggv--9LmRr&-Y-^kc=l4cb5l&L`Fb~7Ah|E>|TB*T%_m%q5%&;B}#F$$(wSiI4 z&G-4>-6pFfL{$66$+tiL#v1-l(@*@VQvW7!ccC(Ul>~&Uy1MEXyX2x#c14-uiL55V zrkJ9l4D2=8J=y6o{xb@~n#C?Lnt?Vpestt*if_-}^Z&1XNJBYnU(MlW-8(lBXNs;&q3<{EI^BC^0zwQ_am z8Rwec$UP|Ew5nhnxb-Z`Ps_L1BBC^_+E40gNaQ8$Zh@ud+U%dd&}4 zzji6Y&_5JaCBCSJg1zF5}K7cd&R$$tj@k{wJy1x*!lk zXAv(A_8&n56 zVhJ|F0%*3zboIl6eTgdEqPQeKb)4xG5KlWH`hLu<5}JSy)60)cMHH*$SF<1{*)lsb zC+$F9YnolLmFg7q)Ir)QpcGp~yGB%&(8g1}1L>|60{YH#+ zip@&q3(@>FLw{ba><6vLfXLLoxX)thf2I)iaj(NGvKpV1IPnimm%#yZ0_e1J!G|Ft zD))Z;?P>qzEc&-$PDQIGT_k;Fh0xxz{G{XV;Im_CadO{5-aQ2BZ$KiA3!!^mOH>LB`nTj0En<_tH7 zKkcqv!4E6pu;!Y%VR`Gh-r389J69w0g+%$jw~K%jmr-UsPIP$Rp-=@jsygSqB;@;S z!RV7Y#WRsu&DBNip0|MC+kn;-|1>4qZ_W1?zW!;hm;ZB~tp17z1B*SUfKKCQWL6sK ziNDgpfMe5Z<9IUb8F`S<`cbn~&lhAcf6wu=59|ErIYnek-6V&O8dt8GF5OQo3o=fF7#bU+oe!AiJf~ah{;LbviKFurCJ0m-1`kQqa#_F+S-5HwjPb4| zNCzO%kP@nDp)HA*6>9E)O3qM;W&D>puMOd-`_#;aHv>ytRUKnpA@ z{7$TiBerN#un0}*0L!DSBI;0*!D3J~6utop$aK82yWxce_VTynKlmOl#dXZml%STmHgHvUfgriEa3b;x$(B1DslE z<*xp!O{W`(lS_?^2~;CYTyI~%@sGVW}-HFl#9bPN_P#wm0db)RjpMUKP{}N^Wk9*a> zP_+pj#D{jeg2%WJ#bVhQYG)r^XD0BwN@SjqYAbq~(U5O#ZdHu3o{=|k$@1kXV94vv zy3*P~OEBM{PQeOXIMycMc3Lx^p~Cr-=|nRVpDM)(AuLDP{Y=TbLSf0?vWH@-tEhFF zDU;DoyZxaUvU|~LGukGu!4y%1N`v0S*#`9`xe;-CYqZOTrttYmFREt)5!hR^1@Uo- z^SUFZ8KG)@>Ee_sleN8UqG4%O_;drC3p`gIAOryjgJirk9Mkq< zv;}<|u;9Kt#G%YB%kssr?gXj*_4$(?gC1L3=Z83vwR~32G($Z-1X!Z$5)JwWvdPW2 ztqj?6qn-ln5vw&ly(7n%sEQcTv=K>?h5L1N$iv#sBy%BhtB1gxPI~*HK)b91f%(^q zu`rl}w{M}o22~kEQ^QG^X)My$<1&wp*fN98Nvl(1hlNpAHzptpr`xqN;WRso33S}# z5-oAj(q0#s1Ducfj`nWP!WlJ1C>&Un$2r2Tl-UXg9Nls8-hdZeCQyRC2Hh2qGUZJ5-xHB=iM{jNe3N#j2GuUjphoy2FWSHFQfiq!cbf5me4qSBE`S1IkBXR>ybwuRae ztxS~TF%q6Y=mvm-*1dNp=J%ihP$^-Yad==HXY;-NIpJLm-QDPMR!x2#fJtCcWTZNU$AuN&C++H! zP~OATXW)$m52*9g2Ta>bI^F}lC7!vLVVI_sGH5GHcUCwTRXtMDn7s|v)9&Usyd{?M z6D4(iG%a2wh1(cvwrpo)Qen4CUnhwgsY4!O}-!m-<5A$c-pZRUd0L0GQn3_-JQ zM2+&ZwI+B0&APpO*jU%)8aloM1j*U2Rb5@Ln07Q|GfCGPcjuaPZtO3XE>ApBCJB5v zfw`IZ{CMWx|7!#1r!$ikEq4Zfpd;<3nMh?aOX5w0sSJ$B#SZ^hJwB067_Q4iFgLc) zha={a&n5^o`r_@~xpp1_%&?AGjBw4o+#YIX=eiYjM>;^JFKR#`(U_gb(9|*P0Zg^6 zTPWYowO%N?wn0{P>*bEbatP70&_0eVdFY29)^aQdPrG@N!t~b6+Lx7CA?LR#mXR)Eo6-%4*c@`EPwtFzun8P|8! zcC_`iH6uAyTUUHyW#(hS7TlF1#7fz_Mxv4<>I`L_<1C9R@iqmNAFnTx{iimZQyH@Oi zq}?Pol=F5uID^AoIBdiTTjWM!>k-XJEH9RXi0X6eNUxOF@Q<^R+DR|XMJG8*q3V27 zY6f!*5{9DqIQa}ju)mT1gXZ%4eFxpg4I<8mmNaOPnsXr!D|hU}JXUDwTcS_}OWg@G($EZQ?u@KwZAsqR6N=bX! zfP8;U%2-=z(E^FjDcZzeT`25Jl?E_~{7jo%{%K~D z+`Oh`es)u&>@NL6x>^U#_fc`(BAtYi$6$7!9}DGiV{n~WejtgudybF-awBlrKU?n@ z$;=OIS1a8u)pKCN1R1Ox_!wwI(^DX5&+CP8Ik}8)pQ;ORqOC zbL=&MVfoiL`!9hm{F>4K{`r?-XlT3XU_@;sRavoeUb`D^iWKo~-I?Sd(yoMB%>wN4 zIcNUl0QDqU?|P9ppjXqUr4r>YC&wIUHaIz2+2~nwlEP_-PW*Xt<74=;DzJ85gAppK z%mlJdiCUlmgH&l;PXZ|)k;({=RlL`fs52=SX`qSmKLp?3B^&Ie@2d0HS=!0><{+I2 zQRVfzjL!SI%ZERV+Q)N>KTv5&9>10I3&utMtMc)eIGbUeLw~yr;iSF7WvV#n*7AG1 zkn#mvlhGL?ZvMlbrP)~P$2PVpOW_;~1PtxwnQO98=zn;`n7&_y*}0tp(Mg10x6Dr6&SZJq`g_@LAhl&?+*e*>{$O!q_erlvYvj+fEdpVhMa zdSm|s@;kdi(oj@$dg1MkEJa1dTcW6f$8t6{t|YY)7sx)h&yAm17QE)aXobIt{}Qm@ zzs>ZwFm7@8!Gl>zL!#1SwxC);JOA!_Q8xokEZ(P75@0kBD~yR~0I%nj9@%HFvQP%O z4Y@l#+9#j>h?YnFbaH%b>T&Z7 zm3OsV7d_<}icCA+`Xk!!_o|#FYmGW&L1@rrQK`eZKcfGr;l+wnT%SBD@Xem7<9_Gw z(T|7<7xy<-h64dtoy9HE{dBjVtW^wbB>WzI7UO?)W13jF1-LO}Stq@cwRmydIcJ*Z z_vnkiKPN!(WrM#nQKA2T9{+#d{_maQzj)_=y!iX|mQEMVj+6yW=P&o63Zi1kp<{=O fjlM#7!c@j(d7sd&GyvC+;D1Mb{1&ZrI{v=^nX<5A literal 0 HcmV?d00001 diff --git a/doc/aaa/ldap/nss_layout.png b/doc/aaa/ldap/nss_layout.png new file mode 100644 index 0000000000000000000000000000000000000000..c997583a37c25fbcfd4490434e1fab7d29870640 GIT binary patch literal 19201 zcmdSB_ghm@(>6*`g46&a0YV8?>7CGfldcFzZvsjUNbeAubP(wvihxS*NDra+A}!Q_ zBGN%A($402-tT+Q`4i3$xwx{k_u8{&&6>Gq=3d0=>8Ozs(GlU`;E-ylD?h=(!Hot! zcL@oAD}?sk<-i|Y&nIe%I2EJNE#S)?2L){f9GvPT;!Eqh!1sIZ>d!rKaLBrEKe&Bv zrFJ+tkKbu1D;W4%?B?CeH29I;5s;dxHOzJ_Zl9%LPsthA3#U!!bupU|q|?_o1MABx z8{9F|b5~>A>2I%m6Uu@Y9?rtW70$v;7;{H~;)U9b{Z{eX<^IJ4lf{=WEnmMm?XO%& zuRML`^VPI*Po`r(_n7xC2NJBP%!~jl5>iB>6$oL<_bEXzBv@Y^diw+H|NVmwRE)Ra zMbHIVm34PCX1oi(+-H9oq`49-cGC93wVRqr+HHO1vh&SiiOAE|0SkulSpqVKm&7x> zyynIP7Y*}uhuvj2oiMRLv|~==M8Tm>&fj6e?Ul;P1gMdEgwrt5ZjWHZ(znC?^a_mEnU9;<$ve`$%}NXoz4Rq7#^lMjCxkE$2q&4TQHWi{ z!c0SWINrr|$ZVapZQsK2dY@_BSKUTd`oC594Py)WPps~Cv`iZMW3o8j_*B&ECy6vr zh4{af>iC${*0pRBJYLsVWLMHAXIr!MdYOOmq|a;~Whjx;j*-oVkH1=8MiFRdy=c)S zayk3hIL}nk(br4R;WHf5K68*u?|jtPReieOutqL^Z)RzGCV_Fek1qG=7zh9S&vsPp zk2rD{-|d_osjkz@p=zV~(u|*&#H&x-!szhRO-wH;=u-g_{J{fC#Jzjo)Of`r;1N+8moWYrNQ782Daxyy=a=|FQVS@zLh4*9nmertDL4lJ(E3!1E4JfRWa zGX4F?xwcW(*runeC6$_LCxj^2MYsJ2X>e@Ya(!jn@ykN$%D{>8?ZeTNNv{iM|BUvN z-VX_%3OcM$FLW_(;rnO%3o;R3^~5etb{c{TiK{9zYvJk|1HnE)Zz8sh%q~ZsaWB^n zoka23Xt*a_!A{i7R<79D8?2syq_(nKoY#tF9zcPGK;{Oc%d)b(E9dlQwM)s;&QausKsT)&lAfCU86b{NnBnqN44u%H8U6 zdFXP!n|<0 zt~U}mQO9_)T>xF13EDs1d_IP7>-j^%MH#)M*|(tE{#TP8?o_TF%m%*+XPWQqiS)Lb zB?>rrvnqLgj1WUSin`PcupYL=)Pzi!oN=2V|H;gq*))KzKhjeP&<-8uYXUl#F+)FB?nO-r)NFXLTVUF9I@6-v5ClgD)9nOU z)J`<~o>FPBy31waNNxf3m6B_oH@sW$CPS;r5`;0ESsz)QB4}B6SgGI7^~wlhF#Dvi zc_TZwXBL1_X=$(GPz&j6_w*LNcno8QDN{?Zk$$n`#^saX zsXX*ID;bSQeSKG-_HnUs+xA#(aXDkvf|pwZMPCrOH6D- zCxd-UedQsha~-~7&&*a8QorQ>J835-M5;@Y%x^H?&pWs6?BqlD5glmWrft96CFyU0 z>A!hr%PQ@|e1-<=sl8uxL5KDMo9TrOj+$GWozuEoe&q~d6dlcJ7eU)J9j}yn`QS~G zR(+e53y=DsFK?!->dMb;ib=^UFLtOejw?Id`eqp@(#7Y`dYL)NIL#(_lRMmu1DUTtGX8~|3%CD2HW%g)2`#yiEEsX2$7j2 z(s5!Wls_2SjIU$5)7Q~@LElwUKeJKFnhR%UW#uD0Aw{n-_{hlBng;)Ixfnek*?s>9 z00Tb&oo=rcx;;V-Toz@zYLyh7_>r5YD7dD^FW5a?4s7ozxMUg!o1;nW6AS48d>jx?y`cJv0z5CM$7yaRO`>(OPhuz ze}9<(gnnVr`A=3p5id+~qx0{G42k_Bm(QCx^cMS0a#w3|^Le(iT;?8~#a`u3E8Os| z<)y$*+2FmI&h_&)nGV9O=Waews!Q?`v0758j+zIYcNlxg$LeV5=iCyOdcWDa)<`%t z&hIJy01#JtUu<{AF^BQTZy~jE3_iJeuTOfsEu$?OVD~ZSfxiV>Hqh(4O;lrzvb7K9 zivlXV3HZ%i_r%0XpV45ZaT9jX!efmAd%s^cT3&>BUl!=r@1?EOk7znzMoJ3o`mV-a zdaK@X2aE(rs{pZ+n zRz1)qcHwONHEy@#+P#hUp*Do6Xk7Jg(C}|F&t_5Q3C@FHMK#R%=QimrUJRq-z-Z;q zh0+p^h1J5ma*Z^OnbquXGleTHe7SW&e?g#GQi-OD;HnDSo9FsL(uQMxquCZd&3O>B zM!7uiVo}0|7Z*7dW!4=Re-p$w_2N*}>$|DzA#OBgAuZYr;&Xi0Lj^mjVywAFt8*Qb z3u3PvJZA%0-9Zg*bq&cg+BM~sgOXSU{>lZ9oyH5z=AL{~6ioHz3!a#kxAn61k1*EX0oPBv4}oA7O3Yp|k0f|B*8rbo{m z%3WLg>0U!z_S-L9_3TYk+P=2;8XBkQhk zMbi!oEVJ@AjcmB{N_*vNjocQ1u*=q$(rPWS4|O&h=cz%;nj z=1KW{t8tpGnB*nnY;|jOcW#f^=i=dcy~4^B)!}k|nFr)?Lh?GX_)+IfH)qi!S;BqA z+Bx>NeTntDfVZ^>*cHu@^!g2($dn0aX#4m3>)ziihkOKvhK2_7&1-ux*mHBVUMAqA z$+rFPjH#I8I5Vcvt$^3EeeoTi`Kynr2_8e;R^yvv1#bJT$BEkc((?=s$3I6tISn~n zob1kYgoKzjxfg2Z!YA_me}A47{U8lkfL&rPB`E$F4V_YE6&l0c>r=mx{oGj8fnX^rrPi5C!^w-tbPod(JFFhlHo_2wlUZcVVr2mX7 zxk~g^#&bR~2P`o~!b24*Fb+9+_SLX?ti>m-EZ3FWu*`k?-`{PAJV`GP)Zvc|%Z2c} z#JPvNbJZVB2_Q}+m+yE@7ah*d){}M*`=>$rKoLx(Q+Hvslv^0g-%N8qo7qo()WgvLKf} z2qotJ`)i`xPmHjaN>_TV9Yh{km4Swd9lpUoy~A?z-N>@}21210czEPHcGF+4hK>Xu zrU+x@)k}e#pO5X%bT42H`$zYtSLM!D@f)2Nn-HVmv24*H_RvEPFwUy5_2(+M)i|c^ z<$5cL2l)n-z}$LYlFzoE%VbgPF^6>E*sNtp&_g%D7lZe=zkkh;B4F%q*>B%gCQgCb z^$3j)1W?7`_kK}|CfmCdc*T^D?e05VJ|g^b3qe zGX?)58BAo5%EeWH5?Zc3I$#)+y(kkt@nsLBK`HV@WOLcz=aS<^oQA4(a$EFoS9a`4 zgIb~d#=Z}b)o}9BuMT7Rdr)N&>R5cmi;Xm0Mk0DXle+#N`Ay50pw`VBZ2Nn>wPUGE zw-m*&=rvE}7- zqQT_k*BAR8`zW~$FqqOrmZI2yJwe>e@z?Q~oKHSpy*lL}B;@3txYrLjls*X`_j#>- z0u|M0$}RYegtdvC&xk5}Spg?q0~BS7Td`D|;YfKktyG`j9`(JLCLc|3+nPamLqv$B~{ z`W9MQ*LPF41vwxj?>x0E&PgDFOkzh>`TKukx71PfTFV#N4=>L5SI>6Fd}>K6S#Cv8 zz5M;P()$AwG0F9A8-$YH@VzSgKYpR z{>9a-;)ayOBeD0wO)sJ|sEf082;QWcI#J=}8-dD8j zNoHhx$P$!bL5FdS`-UqT7_pJDI6cyZ9yFECr+FUu-IZ2Pz1T=n*Lixu$)h|6)Uu)~ zB5bez{WV|5Md|u7i17B}!=P~IIe|?X_jpscw(owl%W3yNd;@A>&o%w9I2#OL+}1lD z;=Xuwgsgwm6tk-+&r2v+RpDc}AIDBaUrkpL^EGwya+1I9CKYc|1&Js&ZRQ6o%8G=w zuO~|7IzIfv`Gr-2m28?o~ z>XC>O`_BZ&NK?z$2%!Ae4+VsTc*|8;ypT6;gGp3(<&9{5#zt1>50mS1YC3%liB+0chbjxLWfcnzBy*FL>+=6Q`at?U4;Tt1UH8<1 zg+Y$Q`}wlGG&YpNL7J`Cz-BS8Mjm?EqyyH3g6|R>edLvqal2Y1Pf>>s0**WNUPE|d z3iAEEN5b-)Yt|Gwz(5DP)3p73DY;5TaApybjLxciBu%~jpX(BmR8;cu83}Dq-Jz1t z1b=hmxAYMCY5dPPV%Rs_749%cy0mecD6n7(UiKjC{kgkb9?nCnIU->Wt~6ZnzKkSa z1_;OJh*cx(1CBCwl&;feqJ7y7glNZjGY0$+IH~B%tV@j;6&{uz+;yGZ<%mLuvmL4Z z)+uTNE8E39W4-N%W1jNRrfPUEZ{s3X(IS^#B2}G@>;)?VJb-jasCu%yP;b8PosAvU=*=kH&Q#$4IV5k=VLHuV)7LVDDgeGA z-_>o3y}Uan9(e_hjN@;IyJdgcjD%ZloTpLTHET82DE38nDK*6=x+1eODdO$K5vsba zSR7}y>u~y{Y+`HvR%jBs&>1k?EP+chMfs*oMLw{pLRabRmuEwJ036S-EH!Pc$l32! zV*)?8(~V)~plaDF&RGoRDe>fKjuIY|p7MG%0y?IaI59okSUI@0Wjg@NzLc zh`BJH`AqMAg2tSzv+x19U(Sj@hO+89lExx=b9I0Kv6^IUpu-Ui6Z74zpZ%t+563l2 zfxAIy+onN*+UV2rf+XIL@zXC_`g3ytijYBAZ*q6-j$p5fAAB_@BkWooMX?>+yPVB2v_Yf4>sEhZ{?hJS)0zcuZ?zI+xa}5Z5@!Xa?jdJIS+psp*0%H7?*!*7il6Mci3_q>*a|- z9(4K2=rBXl4cdOG@kbRv{GKV+rq2KaDCoj0UkMA&IYL{{*O-er&4^*@KEu!Co*8(2 z9nPvUCq#Q7nf#W%Iz~r%1|ZJN-${Jl^kwhV{5+KIGGdu@DJ6-jZmiqaFQqxXSZ9(oXSn=J$RFR*>B`? zUXa+TVC5@tBN7BldZuo{HFE&lr|uPoO8EG7Ry$<^ou~(kO7r!k&r?A<-Gzy zG~tJ6PzpB?DcV^O>MSn+EJYrnDenD`U0}l-h}q_2KM$t!4rB16vh&CPxOA4TM<#Rs z`u=s+x{Z;wCoK8db8B{K@>ho>KZd;jAP7$vbt2&##FU_vN_A+e`g3e3f;~#N-wun8 zw<8g(f1%r2p59NoiWtvI3{gT%#q4Ze0R#w}fCsN>>Ix|TPIjSt|XAwHEId-6O_K8I!2eVa>?bOsJa1aq}ke{}0ztUSLx$H8hbS);%kH7J~{JpWhy zh~AQx^XTx?1bT5RvzR_(CQ z`v|}dJ<{CD8tLw9XKSS38BN#mWBl(6#}C4uqdgcn`cYOTA6JOWZ+;nM6CY?DFBbp% zc55*_i1)Mn>r51isHRE3-FV^ADows-w3no9TL}x|{XK3acRkNet0~EQAIFrGjbrG0 z0X^!qkdR+)T1&+$1p-qV@5DhIbQf-LEnXNHOtO4W$9uMAY3m z8ZnIBtY!ERip!z35vvA;SS5K~*MhnTXCJInfLsM`f*2DuJWUl1Z>3g;4ts6Hw>G9K zG{oSuLX$I&$J|@NUyksd3?F!;L!$*K8DZ+sc34SISn-#|*Ovp}#DY{~RA~U9oIC6u zJ1}Wb6s|*nE)b!c1uH0QI!XHxFUf|Aeg>WZ7Q;c)6SjE&>Urv229B-OEaw^(Xlefh znm!_zP&#dc<}2P9&&cw?JsbYeZ59MvT_+CTk07m8+GtiK|Rc-E=Q3vWwz0)%|+?81#>`8BLfii_@V_M zyBGHZA4?#mrW62>v6$>U6ao3F`Ur@+&KeDI_`PuiVBgrq5D{goQN+K6@y@Va!9WNs zTV?7)qJ+$^`>_-@^bMb0K-W~c*qq0zjzzNAH@d_a_iWM8_7h_=r@1Yb^C0qipc1sV zcp#D)p*9+MKsj_k)Kq+_GjkX(97Z#n z?Qjp*UT?SxzM9~v#c_^>Nb8zeR`7P@UCl>(nb9PU-EU5 zn;mZ5;s<7RdVClY5p6=7_Z{*>^au`qM7AM@inwGa>d?f3wfSQ3*A(N0R0(WHWt4s( zvmaJM7_${^t7w@iKO)uQ3KdC=dqZ@c#Fm9knX&TG8Yk;As*~Mqy{GyYKQ0{kMply{ z273V{^cdC$zTf{`DbxuRtqp1bOV&#l!?Y}8f!mSpX-yw5j*4nTH?ulRJNW+LSr=Z0 zs1`U8`cffR&e{xmn+TveE@!gn%yV-%<7W7rdqR^v@-6Dt)Hi!@ef9j*{W2Xjcb5hM z2d<=|{03hXCcED2;i>YVA+A1gf78BK0C^0?GB-1mA=w1b5bt= zdw`+F5>g4Fy5*VA%*&M21+Fi34gNr0H0u_~?#=&La1Z24hprUR9GE?ZlBLpM!Q_j% z?d77P57A+uCLv}%!tkUB7U_0NeDYlWYhi@#EAEu-N7DBf%LcS;ei8%IgIL5<_7bzA zWgbIf79RzwSwr~ix)8$dq?C`J7*yjIcnC;8>KG$;;T+4js0diMu!`d^;fM^y z-5gXiSg1==As0-@Bnz7#3}_{_=w5zVEDfrlKb6Mohdwfh2ZKg4^aM2Qmp$8Wi(6FU zNUFo`b!@i&y$x|zzDoiwOKA+D2wrD>(eb0cAOAc@n#G`0g-79W(c$XRDo?Qoq(H8F zc|JXg`{^{2EapvZ(GGLUaxC|AY0U` zCc-2??PNxq=$1!kC(G#`lA5JD(}1p(fa;vj@Sx`4YZK4Fe1z;V zlivLCtu;EJ!{pNGa9#bH4%CjSo_MlGX(ojIn1(!Tb&wGaAQ3r`Ka@WnN7zOYi_=^r z?w7~AK8U}W{-W9|%9QQ-K5@%9&?~X&hpC7NE9F2wWws~)KEIkZ5GhsQ z#5?tv!>l#0`VAN&R-gay!KSbun|Sh!;#bBy_17};%@Lt2fRIEP{pP(`LD_410*h3}+(A)qTU!VnrAjT*?ImVRzkCi33c(+k^lt zEAoLZQq)mj$)(}TO4lLWh=fygOG~~y@8@SBYqE>r2mj11~uFb}yz+$8v>s#lzaX;MmpZWUM z=+-1QC@G^wSP(Hxj7|M8g;dgBX3HMf_vG2t;Kc7)!n1{}OdZ7Jp=N}UXn{f&!@|B)(G{R#UJ z&Qxl+*y?~k{H389{kC(MA*%&62A68Rml;+O{16xWP1=`DJt&UcrahikSy*0~d@eu# z=dkGn&|7FEVIxZiUMENyJ)H*RQpAKNzRZ-1BI&$4x@s^*wz~H*_1Y|v(Ydx0Z!5oS zzAHn$cfBq|jf*?Y43icPKg=L`9_sGiP69*qzk~QIhjtD9dN$PQPKcKm2f;}QyIa|M z^jJKw?tdo4icpvF1B!mHKId_M9M>B4$&9U+od|cIKqhseY|3?gy817o-x$J-%)Qd- zt5e0+|Nj2&Y0asO-D}zR&MR>wi+y;Oi?@3)A4Q=;t3kE@(QA9gbvO`!^GE-y5#`Hq z>xa3Xou$G8FzZi1QY~ezJe&!SeWc@;B*2U#{kHB=-^Zqt1*fGu!l8Qop6X=4-b#TN z0VqzCEjPJ$9n~+KDEk31B0Af20JUcKmk`b(Srb*Xp)r4*GQ=%FgF6I9n$*8)UZW+{ zMnDT{li>!yvpwq2Cx9Syln+4h=b^axi+0M$2?$HpJCk5zJpWJFM*=@dSXUZeeINY6 zcvu?T zfb4%?sMwB!|MoG2L>sFI5EZCzbxaxkijd*5U+}E3Wc^XF&|6<3Yl zz_=!%7>dmFeG$)Rc{c37?6B?Z@EJ)&JW{?@KE|fFMuB5PE&W{ep?a@X_JBN=`3Nso z$-nTC;B0pFSHc{DYwE~TAnK&VWRWHe{Q1gCf)^{#oQ#wn;&$%NeEH{kjKEFv_94m6 zi2xI9vbi2{@4+)81dcSJq82sv9h&N%^}#5!M6?1MsjI8auvT{dsG_c;&C2vRWKcQ} zfYu;=W*URM9vDTxZgNR79372@slA_3a_npAUrsMpWwLl+5xur5Q|Y{!(YKI~5(_SH zheBP4le&WjGA-@+=9c5*^ zLy`|7W0$59(1n3)WU(-WI?3%LyA0N)I{z~eWi&b&zCjp+Uw`o%`Tx0%83BjJMxbH( z|9P^XLj6G{P#^pA^shWtPxe2L0U@O@b-e6te%Th+@S0W$6Ny6E-vK_YgS5RFjoaev zt)&0C(||IH&&prRghJ5NH<0N>X{dKQ4}7fPxqe$AMnU)=YWMQsD7OSeV(q8Fu2M8s-f(_s)!| zo7cr{YV6(Jh8W^)G*(au%L~|R_G7?m5yWg(_c3l)%zjLg{e6cuO&xj^GbVSlXyL!b zo-u8cX+=;;9G#w-)@)dAB4$6Fxte{y<;C%vsJS!i2mRM#xbdVX?hVyy)8<8#w3}O%&Q;#A&4>4;uN?YE~KkpVS|zv z@|a^-?tCNdKdCoNDXNLK6jd)O`C0IgsGhRnuIiId4M~N2%WW;+D=k-ILA+sbel&h1 zj*{+_vEp6Gg}`n9J&Kf`@s$ixJe(rrS7G#Gu#Ep7cUPfhG|*vmZ3{SUxNY9TKB`c! zM3;m+)HqJCG`3rI1dnPq1O4(P2h{UR#*D$4=$ zcV^=kAD0~`maO_siO}!o8Ad&8witjQpJ0=%1)L$~um0Axes=CUc=}cDcj?ESKDp~^ zubsJxzfzrX2UdX^uk~|UfW>!SLq)o_CEa~0T(XaYH}OG**r61cH6G-C^>?<#h{OxR z7>oifz76DOBy3Iq)<`036&`3=qLY^^VE%eSh0m^MpHbSkiuk#{t)jYWJjA-BAo$zg zo%yL)+@Y8*7LTbCT{*2CHnPtVH}SGU)qC~I#5cn1GvAbnPVs}xgw8`UK-8aso>-6c zsV{L5veXJ;*=NF}3zHu9`tr*7F))|XYTG)&*U#?S>f$9YfCR=A;AP6ZOG(*p+?jD= zDDS~&7@Uek V$WK5HKlCHDnNiMd9U1Y@{B4dsZKztxJAPQ<;>e>DtL7IJg# zN`C|%$r1NqR9x>(AZMV`4Gp?247R7y(<4~+ahqn1EQ9KY;;M$DKgeT~B})ay31K;_ z*C_XY$&L+SaH~aO(q$RzwJ)+Xl+h#+)!mNkPYkKC$7^#zaG3URK7ACJQj~}&pFqQw zpAH>K0ci*V+MT<%xtj$pjG3Pi;;yK?W^ylzzA}6zlt!;ahruTTC}a~iVUV#0l%>zV zmz&Q1V1rxK+K=pfF3I;`R7>N~UOWYe9Q73h8(ky4^s&yn0JLRT1kH1h`IbReoT;N< z483c<5S#)tyq{!8#6-I9UT^@Q+%gwT!`=m< z0!+{M0ZI27%z7Cx-)==aWq5ih!5=d;_%P!m{3{2?KVFa+>>?|k+PE@XU6#A zTFY4AM?v;kj=DAo?5^!+)<_TX7x67fE{<9r2Fry&_ty^IWOSV$%3K?hG+WvXja0b%{_ze45xWQ-S@cnERlL)%EI?E8VsA}|c1YcAD;ag$ z^m~s&%R(cZsDYr4^ZgmraWH$xWr%{5a>|!u@gSut{~!$wJ4dsUz0UlT9%HApxApd^ z4nlQ2%?TSC#$g#{1eJB*Qb0a_c~`yG-6O(x7-=PVX?@m)w4)$=PpPJpBEZ)yE4|Zk zbG0As@fw(Y=x;7Eq^ED^=ODebQ;B;wvNdO3Yc7NSOwWzgT*I(((X;2X?y+Vx%`)N= zBjywmjEM)5?a|rKg(%&g!7O{M74&M&?@!F+Z|^x(`xc4_7vH5FdgSYe=y zD?z7ACqP>Z`i+2a5NIW>o19Ld#=C=bL)ew?{+fIIE5nJHGWt&GC{|vR*`oR7%VkyV zoCU%HzrXue0&~}%zF8rpl@3|_!L(7~r@;ZsPtSDT0kp~^suIC?p8FKHp^GAVWg83L?bg z1xFfCL4z{C3qM%`q$IMT0zVF|%+;tt!swB?f?m4dJ9rhs4Pl1C8|$sroTr8@-Y!Nj z6&+tP>L>xp2YYD+R^BDCNxJW+=(EV26r*?vjh8nP>5(hSyXgz|92!~hJ5fEoi7IPT zmiD7{x)F5SgL*FMi7`Hlh-fO%EA;CV7Q1lu^|lG6dIDYTmgm#fS zc_o7bjsr;PODgfcm=q%x0^NkneY9|=-ed^}ROe6vlux??l`8B?Tl=RQPJ;^lqV7_oyhpv6v~6?>^O)`M&g&5skaP-OV{q5GBb&hQwAh z|D@YwKg?Y}cjpCbkVqB6S}hfwcH-1}2yp{XtPKln*RxrR3Gp#3t;^jp%77=JjQ#^4 z%v`Rx?tuODV0F2a@^r$hWN1&5eol`S>^?GC;3pb=NcXESi8B;|%6WgHX$`qgvUy9I zQZ%SjWYN)qLM`q#6X?ye=N6y>zkJZ*9hC8`+iu)*XJ%Mh1aVqR{<8_&ACz z5SDoG{%6{Yna6BdpMTWI3^jH5jh#TF4~SS+l~@8f$~J5d0u!O~d>Lq5x40FQ=&Fy0 zOB2B*-)O-LUs5yj$7kO>u6z?O>sO82Z@_(4mdmv~?`YT&>Nr5Ykqn3GRK($1r#R!m z2D}l>TJK(h^<$NCfyxCwIf3Y>-^%Skk1QtehO#x(`QgSR^#%K{aOUC-E1SFkN#X=t z!k0kR0SJhU>WWX)o7lgO<3%Y7w;TNJEhjqXBAX76^_$8~y%3)2Ifcnr3C&l2l5SEP z;C8QgYuv&5J#wF2f8@pxXa>`A6ad}O2T0aS?d&qtA>@p_do_pDo){PdUGq7T@{}Vt zZ42d>9CBMNYO>FD;HZ2qR0+83?u|5f5oKz6o!?l4eLQfxqB>LvP^E0lM@mozK=NY* z23N&`nE*cIWE^n6Iuxq}5LEmDPzTA*nWzcX5&8i1;}wf&VwFf7F$vYhAR8{?yl1~? zI;*DQrIenI7-QI54lp)eEo1f&o3M9!^HFGp4Q|S4LV?^re?CRSb|arYhZse!CDO9q z4SUbvQ?{G>{L)8gCa%DsNJv0}_zDbZlv`wiUCP!dpP0v#oCTff{+jDP?OEWXjw}wN z2AD;+?L53}&B>IwY|)6gAEwrC)fOtL22sBZ-|=@`9*v*<{Uf*P``cV`F#}0Kfpn43_{BnQYjM0|EXH^yltaBRVrF{b9rM4+$WA zH2Zk##C_dU4%jY!3`u_=JD;@w)&LRP`F zwk^WVM8cYpDttLTVGqo-UQy=L&gRb#aZkh6dc4(dVc9<3H96~P74`--0v30i3+gyv@wzA&?^xeJFQu|C5P^q z)S1~B4EGlacH`CN>I>uQMp?%T+WAUq!TRsVId==$XW2-qwi3u?zYywv{22_AyaTW` z(*aiN%_KXht!bv*w1u|ni{yQTH1i}SNIwtIFVLZYfJmf!gU8=1xW17ik;GW9swFY* zDvAMQmx_#Cfl)1={y#BVM2RH|9%2w6=zTnbc`?-q{1 z?a1=-WxrmWi@r&teB?1i0jhYuwOM0z)fyS#eD(8}bx}r$p>v$vXFHVanTvwU$3GF^ zEj3_mi{MrUzm7xKx*)<#JgT`astI&Iexg6kvkn1_!c7!xgSfPr6>pe$$gH_;qOa4s z>D%iqtRkCI6ba&rOY-%v)mN7gne0f}gHHU>P?m>;abt2|M${aBFRg9tLtI5v^PgLS zDkWqE$UNbKucnF5^2X)gqo?f`d!DngWIlu(R8yWo2bo}%U@6qVznax- zSbVNH#*>7@SPd$0WJX+J*_X(W2gkk?eL0D~$9haryGVRzHvM?L1-QPw?73`4pS@n= zvJu!i6mjEYebB*3*xIrBs9N6q<4~%+^aI|8Ph%lgIV%?6Ca=QX@KZ~zJck0EY^R30 z_^TnVKqeH}KnU4?AMgh@vH11=iVV|)*|-lOgcACueZDY4h~u45;~SaN#r1c! z&IhYqqi5iXUqI4)EJ>K7_w}dn{yj~Y2$bn#zdHp_ALL1ZJ=2}A_Pf5qz67^SVT_G4 z1$Vqq6y-#ho@Xn-3cV44sTae2Bi@u8b=+KZ=#&X80_8w2)h3HJf1OK0x3xAfR#D`f zbeZ+dU2ExJCcH3ESG`)GTl=~FX4Yy?0+ZZwP}1r0sN^;e&A;_VbB_V`y&D{K*!CE5 z@6s~n-p!-5rgast>=*ME;Dqd0NsJOR6okhwsQ1!FZQ@7wxwqAFpsD1mVwZf`K4%5T zrEv1yA&pw+A5A_Z58hRWJdZTfbSJ;dY2+`ac#Hn;q+ml~ieQ1@P*^Ycd`^xaFYzga z-h&9D@ai8#_*HQXq3ZG&Z=6EUTs1>|kfH%(Bwr@rTed)-y$q(Bw3l%`k|s=CegqZ?WY{TmJ^yl>o;(A29*czRpd4`4mXDaCm z_RS>uI-vA;&-i(AQlYA@Z763!;3TioLwYgiU#&dBG%KC}u~rhXDhJdFw#i1U%{zjF zHc5T^Z0s6FBb()2Q3 z2cp+-TpkaX-41Ha-<4qO+ibmTpN@IHN8EREQKSe3H{Fs+{qDp-MSY|}Xkykx8Wmr% z{b)U^sH}|up0fn;MfZr~rf=T6uj*fY_Xv;fOfFSb7rch}q49L@;@V5CJjAKQ*(cJ) z>q6yxkiI@!cMXu{O~u3rqK13~n+iDBuK=c}0ARZ;Juu6zOdA|-O<-fI3-%-J`zyhC zSSf*3UtY*7%Ki;2V@nI;dxES6(Q2KiV9AenX$oP|k4R*fsrpb~yPcF`4)nl`iZ6Zr zp&)X6@^~{cEV6&x3TG@anaP^_4v8BZNxspu3ke>}cB!TeASQ{QpRJ=-&(q*g79(`n zf*b*#Vb{?6&)glXHDI@rcS#DQvu~-`pFjtNKcsA<3J$-pj1|0y4e!$f`u3;vX$nGU z+_AO#*>-Qys-8H28&$$%V&J&nTKj#bVq|X(G08{PPOiYwr9L@58J$B&lX9PPQz5WG zFNQoFNi6E|YH)hv9tO=-)*T}RwtNwLKYFm!jm-xoapB1+t_0!NckJ={``t(?MV(*( z9F0Oz8XcoVjr0fVYh2A!sHxLKZXB}f;_wS87P^g!2~24Pu90S?15XK0tuim0$3?!= z2gP&3s8U-9RqbGEU3ya+GzWZxT+bqp+25`oL(=aex~2~Os4cjK`m0yrge7CU2GrM} zJ55}`kr{Q~m(-wFKc;PBQ*5DxUCJ}9&!c?SND(S`*LAg|W)Qxg>ZuqoU|cMg5J%LA zg+t^y0f11?-*y!tlC5*B?(%A1mq+wc$Xy5mSNvC@H){^69 z!q@Y66kh|yzd4{}@f-Dg9tpg4IHexTJc++N3mi;QlRD~WEe9ISpEPUnZ>fSxSiKS0 zxsD|$itHXaB8BungHnRlvPV+`)KxXV+OZ(OES|ts`jS{>Z?U>*B7m^^p9@Yin%o~= z|CNcQ`R_Q)0I2)Vxg$WQF)ZBZFhpV|cPQGig61EQzyP@85kMLvgs}_|A(&x<>cu2t zYWz!Pyz$ZKIV~;aw=N8Wg8)uM#;^fTRtG>#U>-OvW;_sMJIbV9>j~Q*p>_n{{znJofCi#7#ya%# z58*iasi4$pd%Qr7IR{Bi<0pwB7c%&3?Y(D)?2AP!EAEglnj=C-M-ljLo zNJE2RIWYebH1*b0hEvi2FWwz$i@b+B@%r_z@xqFkn_nN37N&INTo|OhU-Q2I2N11h z)~Inj<(Zk+0`V}~nF3vZb*(IwaTOFG2aJ%x?3Y68xVSbA%`c~lCHA|5WZCu%w_7_Qe^Dt@ z(6)Cj8K$&&F_6Y7h4?l3Def4OsZjwOP;veF&39Ewpy9SSynVXrQ1V`7AtJgs!3HY$&WO2nzG zChL?Eof^qRCzOXJ>Wnl*Nu-fdSeVKxnS_YDAuvh0rnotgT{@Om#=b^`9g?c}c?TsNVL+F0{Rda`u) zjW-LJe#Y)L#LLlWD^CxC7GyBSgqFfpfLF3LavfVAWbaUoF{EO*%;1a$-lxl%|X zVnMfT=0IBN2x-UnYDT|8bgwO3azGgGGc_VLkZUgZD;k#UX((2Zv%0`LjtH zSntg%gj!lfm6b$F#je_V4pU%n-_J9$*P@(p!t_`EfPU+l4el2ARotI{6+_tX0ad;v z_uf;B)>2~j0KS$2rX1|9bDPV*jW9u459=cwSD{b^5-QN!NBw6L;>5Lc83$`}QTt~-Dl zv>on9hTm0-6T)zauS4lt>YF0!#~Y``{=QoQVEHBmE~r}{H}D#CpCprdN!lib z+F8M&hg%Gr(p!&dKs=?igEuDSN*x~N1Uo8@*DjlXLY9PAO>=8br!u5Yt=pvE%AS1D z-b`E9uY?V&Nn3EXzdzao`u_lx=fCVg!Ikre@PC#?`}B^6VGWXa0ZFno1$9pTuo+RE>J^1a6-kBV$!Wt|P94rsO(<{Dxx)8#mKJZShs zYrPiH3@I=p)~*x2pq3m{G;iZpxL5zCUBh@uQrL@i~=r($!0A^9Lsk_K>~& z8KQvaCEjb_xLjMNjB4Y}cthseb88#lF((ceTP=~8i97|nI}eUIe@SCCjzeP`R1s5$oR;l6AWzi{q@Om#JUWnLLTsnOrs{zb#=Q5{9y0*!0s9g}BNiomU)g&0wF+Qcn5a zT9_-JqH>diQXj+)>c+z*FBmPKo5(ubNY56n3E@R$0-ORevn>Xz3WI#{*97sSo?|Pz zjPOBt1g(z{#5Fq?qKv?FG{?{`z*_ea#6?ATWKx9RLL(hueyPy)D@x6grlwPo1Ca^R z=vp@}{A1DCfPm7_x{Da|zP;Imxayjy?B{WA8rn{Q7}(6*_^uE^L`6zQV8Hpny6Zs| z15qj8N=+}J-kYrf$qGQPp`7M_MXwuWKNpwn+pgy2bt3|7TctvG^P$~x2|NA|Ix<}f literal 0 HcmV?d00001 diff --git a/doc/aaa/ldap/pam_layout.png b/doc/aaa/ldap/pam_layout.png new file mode 100644 index 0000000000000000000000000000000000000000..704c6eef49da51b57c74bc80c0cd9949ae865699 GIT binary patch literal 17651 zcmd74XEMwbr`Uwa#;$mvD7e1wy?0co-NMgoq>eoTPWlwI^fbvHWMo`^!sEHqo<~9z|#6D7H>;?8D>PYVD4O?~ld zN^;Gh_|EjrYST`>X)*~6M2Z6jLy#m+5C|!7K=uFV0F8utY~ay~+n4uWZVIHvNltV{ z(c9$&J#rd)sq<}5sRlhzgm1e($?ZPm^Na}R_-j?P_{pjt2Qnel_PVb?$ZFE{VzWX^ z$a7kg_UadQYMHUk^*u-oL-i5u@kID#Y)k@<-8x%>-TrUeREp`?_o*IBCA)Oxk9+g$ z-7;0vOb>8oxLK1g(-L9_E7b*>I_egO(bh+ zxequLmr`y`>4d7LZ!-9uz4s|GKQWACKE5=w7$3WKEU^=5qYqy~E*Gbpr85-SCElEQ zd%ZnfxLgi)bS{aen;y2mTx`~QJxb%gY|>xkbLF)aDlIZ-?XhVi9<%B|Rq8Yy>Ar6E z-gYAE@~-2fu`XgnXYuKkANGaCMDyJ5pG^c?6@LA$h5J(#2cvq3oFh7kq2qLLypPcK zOosbLr$z12*a+eWYoAU+^CQL0DRUbk+cJ|ghG3HHuc8!_Vs+W6S0a4At21K|KSjf! zYIB_#shl*@l%f2Xs!gd5BFfKAY=Mo(zM=B&J;Y5E)T=IECqBPA>y6A)OIHfqx`~x+ z##k0NuPQ#*+C94%6~BmVAl&qKD{|K_-BjK<{dIn6ma!6;1xPM3B^JlhBHMmcs98IsjDQ}jBI-7rnVsmP{X0;#q?cdaK_*nn2c@UQ{ZTT_az#-+ySd-HQ+% zt|EOqavoiuS{sJf>Y zqQ$dUxj1EKm>A;j@Sfv%Wn67@F-vc&$*WLv>Y8D)CjqC(;6QwHb6$-1TXwvgpG{o@ z7$R4z{sex_%=bmQ?$mu_sHs5jxO-CQ!CjC@!_kX+R?S2=E0rm?OH?DG`$ltAji(G3 zpGv2n)7MmM?y@m@u5`*-Sf%u!Dcwx^as%r_y+{75>tSK;jrtoq{1Y6Zofa{#!-gI0 zQLWX<$Sa&F<}qEv)v75;LU7Q`oiVkM)^-GtP+-w@_G{kay==5^>8EIME49psMbr9L=oAi$H zR9@Vi%xzuV_`LTKv#6f&F*1B<;~M+teIHK&>NgDDWOidY+8;vjzwp0j0{bFy zqV&1I%*E#Mt1TPq1s<{)3k61~Lu|UC4lx5B!6`%FVw#y+!+DGk-|mCn38$gg4Pz}$ zq?<1^AfnD|VGpF=wwV)uHClb++aj+<>u{o%W@eFj;a~Kld8Bc>k)34frW_qvGydhS zi`~VnA^Jn?R(|VQvDJRvl(}vFlkbBKEnRkERyb70H5Gww#7z=X-#QPrYF14rG7BYF zt98y=v0B|sCn`#K-7U8PHP>ox_$4*d zx#~}5v$=93I@NTPFsI$Vs;xO}-e1&Ps+JRCxZ?VC8JX3yrs)htR^JIqbBn3USXMix zNR_Xt=6J=ale#*knS*0rDG<1G)hIpV&`Y%9;E#%;u`3MXt@3hzbJ00gen&=PPMaWO zp=m6;W}_1d~@s3|P-zjSV2Di_kC&!5g^`B~*U+1x{dpE-&TvGO4t0(-Z?0P5s&W|N+n4xpklmg61(>e2vxxx}35vM$rB)-X=ldf%%Y1g1I&CD*@V1b={K2;goO+|nLE-wH1)bUmv-8iQoiO;Z1()o zdn^}O%|j)y5N8v3L^U3&L^;`hlWJyh)sVM5*Xl1jS_FpeanjaH?Rc{Rxl-CM$*j3> zV#;URcT8=|rnz9V!(z^&ai*5u$L&kH?n&8Iw{ZF9Q0Qdcmh)^OdQ@`6Bjy2q1Lrav zNwOS37SD|@uQT)K&BV!|#IWySeX~wv@s+IwdsC&+w2k{7@j$hJ-zD3IfJHK)FNSQ= z(JRr#spHF^R;?c{zUl<^Zq5zVe@~ITikLa?cG;SemKuAjoMs`OXfgHR<_t^xV9wX< z$RN}FjKZ;3Pk7Y6{*dnCYUD(7gQwB%*J?eJ@!5r~a>;=E*xW#kz~CiS{q7IzQ7>J? zUA4_J3;VM&vvi-}{uzo%X3gu@naA$^nZA^^HxDk9mbH&(zq;9vWEHt=)qWA4@T8hG zo5|zx=#8;Uu~3_J&${XrZZ@(=_bPCsm6!}UvbC$3^Qn>iRa`?hknD4Rd}KsiRJOs@ z*~4qTT50p^y#Cb+udr6Wl!I2W^i{Yn?XTv>8AqpG$)F>uY4_&G_R}Klgj+k!Qd9Py zhkNXV7A6WeZRXDWj(2;pz8=VWjGy=(;%tc82kYRZc30Pg(pxPKZ1wbPTTtmcB}o1% zt=4n8mK3sd*5_G2Ev9(AUNTn`Y5&DIJ;Qs{*K^xrYn4jheuC3uqP3`E^L);?``U3L zUC6%m_38`=BB!;8Txu!q7ji&9(y1{DD$=W+rsOp+3zdbH-$eFTznytIRcij;Zu~5` zpKiR1!@#9t#&b2jSl6?4aI^fG$`%GKPKfu`7m8}zGxMpqi%&%c^^-z&Q&yoTo0V0C zV-q1&glI2DOYLskqBodR_LTcCvij9UU@gt5y#vsttSaYOa1PE7>XzOuoqeUMpOz zZLIVLdrm+zvjP#&pDe(}?h>@2Wn-|-iY9gRR-5-MDtncQGq?EtdOl-mJfx_$+J4Vf zr`)J;OY`xRIhVL3GV!8QJ5}5xqiE)jUY$e?!#LQxgr(Yj(fz{NYgcEPtHQ3eiMNchQ!=B99;AvtGpw z?;YaJ&E}WY&ojA7d5?eW;zNdlG(bI0Q{}GZBZY4UGraeEJ_?q`n5?X@Og*Jbt9+a= zR~kz1{kw}hA2*EzmW#tebqhb3kVrYe$GUJ}Ho`iB|Nno`0fn-uCT)#7{jRnZ{hF;| zzC7PL-wKB1O7i3OTwir>Eyj9G^d)=Q9&hSWy#MwiP1MV-FX_RD1Q*5|Trya$0PwX8 z$!^>8LtSzAP19>IWWnTY9}9qAkB~{hrd?6G;=Z~trXL{`oJ8Y4-rt@N0ON*BfSAWUR`LQ_3lV zJ@T>iTeJ9(_#mVlG@ic z_7K9+Dx0wvFz3Uy=i<&wVP0xsoWjCm?%UIz)@R!@_32a`5nX9lG_Cmao}M131wJ6l(Tcf#ZrtmlRW-dnA8VeR zu63Dl2P|4i!TDOm>1;lTct4gE8J74C9BsXwcjg z%^)r1r$~<=kzhtZRZ@lAdiCF~vrye*URT{lrs3X^1#N8A%vFnTe{1)AWH(jq1}k@7 ze&)3lr;v8Sgk-1HkcU^>PAq6IpmaOg-{qDPSN#NL)GC8Yu2?6_)STCjq!&7vDh+)D zm}T=|P`ZXi>BBegZkItxi&)9yB(ks%+&bDp_XyJ*r~PiOUgxVmU=s|3&o%kzQAal5 z(GvulUSSbS82X$amNj~vaHuiK(V!l|V8a760_NYOg>i@DDcc~_xN-F4Y|tfX%j3w8 z>RR6i2Hf8hHblQM@EHjwxbv&o&(CZ5{Tp2kpUFxq)t4!PR)F73x}uyG$}E2|(F$6k zjy5NTh3qCxug;HLjDtjQAq#AukVt87t5!#n8=|0J$-)j90m~^L8%TkB@2mu^% z7oT#;k0V1il&E$(%;I=+A|Ds`@#}@nuy87lfmSa+sSi&%p>GRt7nhNQM2dQCmepHOvutYs@ftG^b6KrA#gdowjZ4&NUm zFD7(Rg|UAMUPKeVa)m-+rbJc{C{hTBW^)fJ*TNSWAW0sF{q{ow=AuB{V(!Z71nXKw9Vw-~vKWCJn zAbQ@(0S&`a^cj$L-_%TuVtW|-rp@C1z5l+GhBh3eXSBITjYt=B`yw##E>`ON`)ILV zYO~oU40h)Mao{xv@>>Wo!?rWGV9!$m5^A-tFtGVzS9I~Bt`Qs#WVc(hRH95RET(`A zphs-(e7|PeSt;NrrHZv=86NJ%wEL8u`<%~7?Os}O{kB-)%YyhBU<$ZjY}JTEc7d^i z=yQh4AE+ELHAIQ=vsZ2(>F^Ze|$UYY18- zsz(l-#zzx$@~b9jkf0_YaUuK_+!DKGTzzY*#-r%RpV6X?dz4?_lw{Bj$cn}f|KmTE z80_baYJpBT&Ln+N3J84J!6o@J5bo9Uw?}`LSydyDj&Bf_dz!)65T@FgC(lX9LRNNr zq0oG02q}{b90__l7lMAQEC?~8y|-!dIRUQu`aYypfC<{w zL=MwJXl$xIx7_$|5K^BSwTIL~l;D-aZzD%vAC55!J`Ib&yl$vj2xo=bwmU8$1dzGj zSuE691&(v?G=q_?*fds@0Xe~x(RaSQF8U*%ZFa*4j+gjPRR3PHlArqWiZd~i@#KjV z7HO6mi0MfTloA4&Pz}6VNp*1VaWg1xzJ4pbBqDn2y0+4XQE;W};J`3GG46Eoy`-hM zv>2pZSRcd=rh{NPlw)g_DP)&JUf)-?mJ3V^pfRz#?j`?<%poDf+p)T%Truycb^@5k z;d|`G)A)2cz;e`L!K|H?v-|%IhG-PZi?N}z@(T!4@;50c<(}-Ls!Q#uC6w={r0uq9Tc*jA{|G2x76x4 z`%68*nkwM2Z3#U3P%%sNQF}GxvoJaz`1kjve$@YcFs@zPa7)7H=Q$y?3&@|82k#I- zDu`KR%WGR3b{)sRD=)p74%{Iv5u!Vukt^O_f)aRG@>(bCVKhFdz=`WV{yeGAdmLzyld_DpsSOl!IAeYR94Ny%8hcbL+Fw@{;0%W!Ir}Wj~aPgSvqMhW? z?-$#WqA?3ylQ8yO(>4-k6CKN6*}*m>7`o!wWR&^kBw*|yU4kr835b}9vqPQhx`ts` z;!AlLliUhw2-f!KJkszmRmkp7lwgnhd4js;4lt8M6soL8zUtMx^GL`maq3&iU#{iE zQc{btyoSh7ix71`$sNbp%gHghxxVV1W^N_R5*36+vcUvQ24tjIH+?=m`p@(|cNer8 z>Y%ZNJ*^zg{^_0gX3hi4n9$D1Uu)nIK^ZT#F_Kw==QZFS2wP?6=MLnwzl-AxuqbL2 z7X6dy09)|2P+wc3xVrtl@W|rf5O!RU*3$JaXK2Q*JBWgXi-{4^Bl~wW8ZfZ^fQ|-S zN`YuHjD(R76eGNeUTBQ7++gqHhFNlHz`e_x1RW)C!vWVTGnpZgDboF3$pt8+(>FeL zCdrA1aU1LemGFakI3zn3luk@a78Bb|#slqHe;?yS%xj_ZA(~cryK;gE*Y4L)q>Fq# zWpQ)qhUtUuzJY-OY3VQIagqv{FrLIR``G&BZ<~2BQkoFwaQAdBlWp*T-oMLF z6bi$LRa^5Z834~IjciZZw3{D1ky_$P3|(bo(AB<5%oBh#L;H$^m1nNlX5G;$dd zy(^b8XJz^~@wSTi?Y80!1bysca6pSFhm3quqS~0K$Uj;i?tVYp=vCi#aa-~ONct z&<*rX-Ur6%%iG%Y4QmqTx+_^WVn`nD?BX(m{Sv`q_MC(@Bu_zk_U%T|3$xw%RwoJq z36_ShpBFzIrYX-K-InM1K-;31x4Exbd>u$G&^xRNInKf^E6TKwOv4IA9`T~sb$~l| zyiw1|4ykfk9k^t<{oXra!ECFE@=qhhdQ**T?<6gMGO|H0Lr-t`%#O2UL#HhyE`faW;%4UKn$`a8_SiZ-nQq8B-E>zZ1tQv3#sOMv5>fCIo-j;lZ!-q(K*eDCKMAdwKU6ew|AT{j?L5A>O zGAqPXCK~uoEJJu}m%xdsz?7)IM|fZJWP2t(G4Mpqrf zIczMzLWX@K0EgZYUC_k$q%F5zj%Ah(Ut{;L}ip$t59`Tx8ig0ylJrhZx? zSN&zbsFDOvf<)W=Y*e%5T3=3rF4Fu&A%@PWyNe7>?Opu+Uk@<7|JPV@91y_i9A8ko zbj4aOKVKJ#Sr)!2{G6+XPM#@acJcbH1Rp|0utV8`6dbNEeS{olrFwfrKW4|jHk)l| z6tW8r*`?UHCl$lta!+9}Fe4Ie>t& zi`C@9Jzgu~h66DKzXKFi?Wf{VTw=F#6#^mzJxJrU~jxjw!$C}(~JlC-Ka46 zPeSClAV5E8pHCh)SF*V`e& zkC;LQPC_b|d5_ZD0Z)`E15=+_2|=r0;Cebpetgi|HWgg6_o>tlLC7HNobJcKqwANw z|2C46+d1K>(_BP-@vgHz^UfQD*3$m&>UTTl8g!F_y;{~0bGAkX5HTDnC`0AsLVr;_ zMCZ6YK&OOb8Sib^@6=g|wfp^m$cB6?5Gx3N-flGYM&GlO#v)1_Hk6}4%*J}1)yX&< zRSneM_C!{^VigvH)wg8A;2kXbdupG6Jal*EwV|~3bN&;-)l~|}+x1V0)4Ad(jLroL3ho9{rJXh($tS;>UicpOg~oOgz?yI#n1VJlf@?b@A!PfMsM+KPwv-7u|77 zk5p;o#6LlMplf#nX?f6g2s81UtpVOt$k?tE^Vr!*lX_N5vRU*<U0vup9k9FT?CURJ#X;P{(h%wu}3 zx^lzTJF5?&cQ|+jW7Tjzb1g3|0Tckk?Kl+SpJj~TXT#6ETA9%lIkCd65(Ctf)`!2Z zC8_sy92!ShCi(Z9D(GhecbRR>BR^n&^#@ukklJ6YaKvFsRjEXPpt@5Oqa1n9n zAolk{K7u$G^~i>f-ZSGWUc%u_yD(T%0UzJ|@A*a)O1kw$3v=to3ldP^6FBbk-N(u? z(Qjb*JPp)sN+8TVkA{25;6>xLJ*Z>7B;pC;K7s>a(A=itiP1?=0{-(Q<8LAPnZA?D zPP=@&@gxzU^l!h@kQE32q@*VqdvY2ny}lSLy)6}L|Xn8`qB=+HmQ7wnv*io|osA^eT^nkrqGv6kz%sRjk`O(*Q`fVcE72GelVGA+{P`a(llpnJ@aaDSY#Tv%JX@>U4z z2WqXG{CQ2T{L|3%(8Lt#$IM70fZob)z`wS&4Gq{;A#1NCL545W5f64Vq)OvWIZ0e| z(S;seo?T{!-A^|lzIem*)*U7~2s-Im9p4obrR*)hE{&Rty?z?@xR->HgM8Y9c#vsBgf;8gws^e=mjU%6N z@e4qqtG~QXAB-nn%xBtRr<)<-y!{4xnqGdrVm8AvwGBSXEX zV6b+JCnPH`^7}%#AvXUswS@K1QvTCFj>-i_;4&Kb!#NL$*~z!8(*?0Fqbfhphf6iQX*)+t~QY}$?}cI>M{;K%<2Y+ z^ZF*eOLMet0ut&Ag^~g^M#txZWblQGDLQ~{TF`Y({SE%2OXb#&!rgTKi0RDIIF5(w zTu=~~aYWgoXv?lq3*Qj6&%z~womzl^CM04~I3#*5nvc3GW>Q3+BuDKtUeGgre>)Po zZGkB#dhAdVn#azW_)i>37_bBRXa?_g#UCtwa-=6HX48TNzUlRmvDE4k=xEGZuWx>H z*u3x-*UpL8YCX)5@s6Ohg6lV4(7oon`k?Gcs&*f_uLxFBhHbW!=tW1}flv%5Z@J7Z zpJI}KrV8V02xgn|Z(FdINdAorsqwSX#~n&yc;Uo$dsm)2(m^|mEmshQHZfUx{s&IV@!-K_v}H7$WB_59~ORG$M_6m1__}%C;|v(Q{qjrZbGxd zG;b5m#y2T>} z3-johSMd0|ejsZP^rU%RoGJ`FVa@pqWs>FofZN~|ScGVfnN$u>k?ZH3n0wd=vT*D{ zP{}8WI287~MAUrU!WTeN^inkP-C5Sk*mJ-{7@i2{_g~hgc`M%j#-G?tQ7r+9Q zdWaR%lKE6TDFFk^t>dZ2pN9PEO%jO&@c zFErq-)*y(CzYz+);XY&5etY&Tx8ySu9r9r<58lq1-NQXWx^RH-ed39WOYFroqnW9* z%m3RF4hPEuud9-!cpTrdGQl1jm>=a4LmE{rH5!P?22pWNwvZH;4p0*jj5GXZ_3HI+ zzoJ}6t|;lbxCL$~);^M(&_X+N|juxO}(D``Tt&AWEWZme#wNcqd?&Y|zov zNc1A~r2X~08A^69P<2C8?osj`QciHZzbioHAGZV_mD%Ac{z0k2;z6g}J{I-LffApI z#n0OOGU$S-!YzYG&Cot1@*QbEUBy5O(0~4J@-rF3v1BO=v>*tX%Sf&3JM1bL|0zI% z(-TSya zyjwf#q?EjQIuK+`YgTV_01TOv;&xl_k8O6n?j`q!3 zgrzsJ?Eb9(`ti{YdKkuiai2i(sc|V?YQ|TBp84ReG0W@`cL_mBXtII^@2fbJDLptI zpl)(`9f}CBmOX8!Fmf>h zerkFXLbTEDlV3da&p!@RFaDB2L#Mf?*~kbuJLtUUqbeD z$LH{g_3x2PX5&H@k9R}4zjjPjR5$#eqmA+i@(8GTavF{kLPECH`Hyg)_luX8O@Q0~H74{Ge697q!v=d4N3b+g zEm=s|Zo8birAD7cNbJ0TQR&OUfDSzQ(7e81cpGab?I&u7B1&b9|MTb}N$@_s1T_o) z_U}^MiFrFddcZ>5MIs*tBY$Sa4MY}L%8}hoe?+Pd#5^Ug{}wuJ2;JCY+hvEx6AObGYbogdTBDnlQz6` zf<2*K_>iQP{w%4seI$r4d_#c1^ zW`roJ0T050wOJBW8bdwS#AoC=1#L>gW<_C-oEAD>K(@YHKCO)B_{&GEha;grjH{sv zFnUxMTQJ2r5x%XY*Fj<5u6e?fOqpb7)cBOS!rgA$T z)p2hI4+>odN}r(Hc-x0R3qeBpfglFj3@Z@GLmF^=2f%Y1CS?YXau6L#a9WJe%4$XFyx_)w7vLDp*fgOQ`Ifw6h0^r92rTfD##T~`K@k5Z|mb5HCAzqV85HRkejOV(#w6zyboKAz+$+K;-g0q$_4>p3R@uHrfh^$z$j zMxme>)@!aY&${^opJ53IFd0%ewgK0O#CSAhfa2|+*9K!8m{-&1EeF5j$4QGXjg_n zHe|0)6vy^rJK}KM*rE zK-pcnn&CAtS>v$Nfr+^`T9oPr5Dd49koYfvGNB4kWlX(LlU$bg+t_b3sBo@aAOJYcPc9 z!Jq4oAiM($0$QQI$!fce;;{;DP3gy{4Sur{6%?GRyrP`8{Yhul*EwhAoH<`(HB@?1=4%Jc+2bX2PuI@&3g+8H_q;RxUS7@|F2n+Do(?%TDibVW%RG&T z8ugpyy|zQSif1-}rsZFEw8{3jt60c{)HNLph}!`y`hfbuuE|f*6yaG!yM6tZ5YYa3 z2lN020Afd~MzRZ=l!L%Lu6`xOX4+HSV|!E1f714^Wa1ay89+<8i;{IL7uC!G+Ss4T9u(84MQnHj@`tqiN5&l>ulWER+q3;;`wKfjd-FSv+0KvA zvXx4@u`k_ZBgDs;b{40yEdYsvoMa3@pp*IA(p**{&OU zpnbKc>wPgbSABhTvC2ykTn4Zl7oEJmMt;CaU4vp%rdv9(Lm?Ms=(y8#VV?-XjsjE< z52kY^5ySvJ^i|;8)$q2rrrxTLj`9KYI5WopV_kL&r%rw`X8B$njn$){lRQ9z0J>!{ zrk~3j7;-tlaFLU6jAFLA9F4pYZ^f`~0*$E%&n#hw?i?HrtBI>&ldv`sC-4OH#+h17 zT{ESK^Xj<$2I5jb$33g47RSy@(Yenxj6iN=UpBM{`I8|-Pa>Eo!_{(mVxA_VT163$ zBKRdyEa{yX_n9(ESY3aru*a;>3D2ZZ899g2-as|`e}+Xe*K~C}mA=}d&Pt6SIFdY> zHj#XL=yd(3)vdvYV! zK|OmGM`s`2DOS5khUvryW1FaKB}HJ)T3X=`;+I@DO}pIGR+{xC@#pVb7Tg;YDk7FX zU(3<(Q9I6pb-F~H^c_&!)obDzO)c!lcmCylI}`+Cktnc!>*?NNdH`g{Uq*p%*7w40 zW3sC7KsCef+Vh0XP$%lK{=K%KP_U|FC_3qAW6Z;duYrD_X>+Q=LhV-9bU-KOzPTnr zyw6Mh4xkjZ0QyO9SYtp*B+_M%EmsCZAAc;IwEcyQ;P*1ee&1rJSfI|k+@5xk6Vn~$ zR>?B&-&-g!x&YeFpI9l-6J7oXx=-tmHSzV|G@L}NN?m#<-osV&M?$5Tf=%}pI#uDo zGnS>O?mgDBHoq)zJUCNMOEYW8FXhqI?5g&qRXg>8(p3PU`nZEk?VAbWvR0B#82ll) z1{0`3K+)B4J%L&I-`~@s37(JG4azN+LI zN2Q_tF7jreonR^Tm!%Q=E$t-d#?moLB4fgQxc?LvcNn!)oZm_F7;&Hbqv{!@8i7_f z4F5_TXs|y29^e?|h#vQqTs5ZEKhqsA(^OLsj+m>i489^I6$?09Y5#>nr4d28EYa=A~0V+pFTwnk zW{d9vO1|-MnbV2)C~{z}#x!I+ZI36*djEn6Z_goq4d@QLUp)nRKAkF-_|cavFq28E zmd^*~fCk_sDHA=Av`)xV7FB__Rhe723w~_zI_mZ0{zFfB_rlYp*J%yQb;fOsVpoj+ z^GkXS3WB#Hl~0?$(As}PS4u$;oPtUYGj&xL#bH>{&n&ax(3bWq3-NQs;2lYyFP5a? z7Hzu%l}U1^l7DL=Q@+X{=gYi)TBex^rg3}_2=P<0v2^i-7w%i-vH@^qJnJ4KNb5)D zZ-^+Q`DZ(U`CAUTN}9FKLNV$Ar6J%6a*a+D)u3BpA8!=hc^&;eRIh?_lc(M5uCdD;!&*8EPQRYgX%(uSuM=Vr_{@E2t-bfJ9DK7^!y8X zO39*%$zl6gWD66tsab=%$xjoGL7F#5c5_!ku!H7#*P>wu&dwGD%GK_bwg1$Q!xsmb zzd&hDgXc#dMVxb`QJ>B7iX)B$f(fHOELD4rYuz3ic>gf>iMqE+iaNn#vnXAl`>d-Z zDghG99g=z9Bzd?2LCS6=`HJZa?i#M?bi74|_-HC*lEj3*Y16a~1NBljV#Kx+hmr~P zQ7i3(kS(C*yl1UJEdniA;VW@+fDR%S8?jAl+(70m8}`r>c5dV}_g(LfPo)UY2?)|o zM)1#kxfk?{Q8+##=z>KVuHi2m;FKolx&IIXiHnM3%NrE2S*rN{>T;3c#t|mdmjSUP zx!cA^EmGYKsLj&jn9HJ2sL(d?z1oLSkXjLWZpPYyGdK@36!8#PtxYf?kcLHBgMxdr zFw+?1Kq<)IAzKv@d(n24+t$G+OTSH+aTg*x%6xBPVnS8K^JdWRdU)oIArvR%L0f8M z$UpWYfDlIAt!j9g1H)C6E97o?DnS}0!A!JEiw>XXM?qO_JE^UHmn!m*h3wJaeQf>V z1(t$8bzaCcu6(=?A0leLPw$!6Vjmt0W{Ec2*b*vwVrI~1{rsZe<&N^yX-5Ip$|AhHfo0MElDbRN~j}) zCq>!WxfV&y}N}PcK&ki8F(*F24j#%Hrau zy?Q=!{A}_G-SK~21^`4trr-`T`#^0vDgMn9bcNqwp}~#;bNDpFkRtq>@67{%KX|l% z@j`Q;$w-sFNdbLA$LXC0a3+5T06<L%147zwnpJr)ML#ETxEek_TE2)!6M&nZf-J#>crvzJ=TJNzeVK(Y>cr)Rkcq} zek@R+3Cs^PfdR(D$e1of<)a6eWFWD8@|&P6mNhG-&(WA`m? z+q&)>&1*h^5tjr?+->w*SL{P59J-o?1>4Wm-JNTmXLO>AHT4AQujwbwQF}q9rzTwy zfGmcI29^bB@3_3%R5Y9A7tQz>C0%@3qjxX;je||4+5y)g;XMCvK@Ei3Px)6!BoTXj)X-QW zd4jhJmUs?#_CA_W=9CSkez@{4Frj%r;%81i(i(&#zSxK15Y-a#laG-u5LWN95*bE` z7kSTam}V6xOZGQYeo=J(uFo2_0@>m|_zMD1qu(~u8TEpZLTgLB-(4`O{PKQxc(srj z%?pK0btMg3MWO50$1uI~u(S}CR`&vBZ9#6&sqNk^@?jEZw|sP5dbO)<9Izv^qc;%5 z2w^vSwN}{n#LYEtXssCrr2=?7vCwLG$f6IQ82c=C!X%%qAX6Y!D{2OW-$nVn^>o40 zktnL3fgzk!em!~?D4s0RdcuDLLJnM+v0}ZMZ%_MrRP9+_x2sr2?vNGYywFJU3e=5( z>HK?deB2B5#clx^kY!x(N0MVB1V|41d23R_+-@)bK7tv|M;m_M^58q(p(3k zsEsw^2ZE(0R1eVm{<_4*4*@|@?XB~*;1Y3H5)DsEB_zBBGqqO7yvDnD7bT4<_`GAL z^F=_Rdp^Id3xOQZln%gn(?C@29Z)nC&ny{Fdqv#s;xCsg066R=8Q7V6{a%}lWwfc3 zCxtVAB_(sEy!40tC;tvUd0wSA?;5wYy1&X1#4XrMr>&CgR9je*tZzg9Nl!Psr9V+he!4Iw;R&IW>ZE~yldK<3@gHfeh4ZGK`qI?p$Up!Zg zEjRAOOqG%x%Tu0s08+fhN;finhx*y^K^I&0U9NHXCb`zEX*{ZBv?w&lhiEe8F$c%` zD`#h-$vl+;VT83-+;bQV|KUBu+>(3Tx!y+D)8E1R2IKAk$WqDbdBjX4aQTcWVLO=> z3Jd!UH9=xKAoq%aHnVwcZEfpgzmY#26TursriR5khN6T&sR@BRz(fkXfcm0^de=*2 z0L`BAfArRmp24X*6XU!j50Uu@>P5Vql&}H+v`GHS2FLmLjL>kwKY-Fmj_JE4Buhaw zLEFGQR<{rG=PIWcPPe z`0`y78-OtAO#)3%AKeQ4{U;gYLj`3*U3=1RgrFj?kL5nW+4DGp`1Y9ZgI$|{c zs%BbPq?`hI4vMQYZ9usKN}|U&tQ{Txu_X=r5wxC(D~$k_bZKi7x`l2%Z&TJEEf+Jq zr&_!Ll)!abq_~lg`v4Ag>o%uG$Q1xw0id6f_PBmsq%F$-1rSP;(GtVj-pWOHh-Ve= zbERRmnq<5M?3*poV+qj$7zcr4-p0dtfx{N|2Icz5Cj|Eezl*v3F$MM}xM#8F4R!t$ zz!9(VG*tBn@x#d*+8X*4NyhjDp^re{t>K*|xBx$sE!9-D>B3<;|70AZ0V zE02qN^<|?ZYuX5-Rb}5zjSax z1uRyyE%96+3ruXcxiOEV0;QbMFy+1}VqII?J#9hpe(1yW^y2Y^MJ=%R=lYUO85B1F zY&F9n&M2LzIGJn{M>Oyy^8mqpVOuSy%i!dzKdAx0^C?V)PpvyI)a zUjE44ob#KGVR$p35~j?^di&o!Ab3E@1MIcq0gM3bCx-oB4_Y>FuuvstE)S+$t$=@2 Pf}!|SRjwFj82G;cOZH@t literal 0 HcmV?d00001 diff --git a/doc/aaa/ldap/sonic-system-ldap.yang b/doc/aaa/ldap/sonic-system-ldap.yang new file mode 100644 index 0000000000..82fe462400 --- /dev/null +++ b/doc/aaa/ldap/sonic-system-ldap.yang @@ -0,0 +1,108 @@ +module sonic-system-ldap { + yang-version 1.1; + namespace "http://github.com/Azure/sonic-system-ldap"; + prefix ssys-ldap; + + import ietf-inet-types { + prefix inet; + } + + description "LDAP YANG Module for SONiC OS"; + + revision 2023-10-01 { + description "First Revision"; + } + + container sonic-system-ldap { + + container LDAP_SERVER { + list LDAP_SERVER_LIST { + max-elements 8; + key "hostname"; + + leaf hostname { + type inet:host; + description + "LDAP server's Domain name or IP address (IPv4 or IPv6)"; + } + + leaf priority { + default 1; + type uint8 { + range "1..8" { + error-message "LDAP server priority must be 1..8"; + } + } + description "Server priority"; + } + } + } + + container LDAP { + + container global { + + + leaf bind_dn { + type string { + length "1..65"; + } + description + 'LDAP global bind dn'; + } + + leaf bind_password { + type string { + length "1..65"; + pattern "[^ #,]*" { + error-message 'LDAP shared secret (Valid chars are ASCII printable except SPACE, "#", and ",")'; + } + } + description "Shared secret used for encrypting the communication"; + } + + leaf bind_timeout { + default 5; + type uint16 { + range "1..120" { + error-message "Ldap bind timeout must be 1..120"; + } + } + description "Ldap bind timeout"; + } + + leaf version { + default 3; + type uint16 { + range "1..3" { + error-message "Ldap version must be 1..3"; + } + } + description "Ldap version"; + } + + leaf base_dn { + type string { + length "1..65"; + } + description "Ldap user base dn"; + } + + leaf port { + type inet:port-number; + default 389; + description "TCP port to communicate with LDAP server"; + } + + leaf timeout { + description "Ldap timeout duration in sec"; + type uint16 { + range "1..60" { + error-message "LDAP timeout must be 1..60"; + } + } + } + } /* container global */ + } /* container LDAP */ + }/* container sonic-system-ldap */ +}/* end of module sonic-system-ldap */